Wifi-to-serial encapsulation in systems

ABSTRACT

Embodiments include a device comprising an interface module for interfacing with proprietary legacy systems. The interface module comprises a data interface for interfacing with a processing component of the legacy system, where the processing component uses a proprietary protocol for processing data of the legacy system. The interface module includes a protocol module that comprises a protocol corresponding to the proprietary protocol of the legacy system, and the interface module uses the protocol to exchange data with the processing component. The interface module includes a communication device that communicates with a remote system via a wireless channel. The interface module controls communications that include passing commands from the remote system to the legacy system, and passing event data of the legacy system to the remote system.

RELATED APPLICATIONS

This application is a continuation application of U.S. patentapplication Ser. No. 16/026,703, filed Jul. 3, 2018, which is acontinuation of U.S. patent application Ser. No. 13/954,663, filed Jul.30, 2013, now U.S. Pat. No. 10,051,078, each of which is herebyincorporated by reference in their entirety.

U.S. patent application Ser. No. 13/954,663 is a continuation in part ofU.S. patent application Ser. No. 13/932,837, filed Jul. 1, 2013, nowU.S. Pat. No. 9,621,408, which is a continuation in part of U.S. patentapplication Ser. No. 13/925,181, filed Jun. 24, 2013, now U.S. Pat. No.10,339,791, which is a continuation in part of U.S. patent applicationSer. No. 13/718,851, filed Dec. 18, 2012, now U.S. Pat. No. 10,156,831each of which are hereby incorporated in their entirety.

U.S. patent application Ser. No. 13/954,663 is a continuation in part ofU.S. patent application Ser. No. 13/929,568, filed Jun. 27, 2013, nowU.S. Pat. No. 10,444,964, which is a continuation in part of U.S. patentapplication Ser. No. 13/718,851, filed Dec. 18, 2012, now U.S. Pat. No.10,156,831, each of which are hereby incorporated in their entirety.

U.S. patent application Ser. No. 13/954,663 claims the benefit of U.S.Patent Application No. 61/802,077, filed Mar. 15, 2013, which is herebyincorporated in its entirety.

U.S. patent application Ser. No. 13/954,663 claims the benefit of U.S.Patent Application No. 61/782,345, filed Mar. 14, 2013, which is herebyincorporated in its entirety.

U.S. patent application Ser. No. 13/954,663 claims the benefit of U.S.Patent Application No. 61/677,415, filed Jul. 30, 2012, which is herebyincorporated in its entirety.

U.S. patent application Ser. No. 13/954,663 is a continuation in part ofU.S. patent application Ser. No. 13/531,757, filed Jun. 25, 2012, nowabandoned, which is hereby incorporated in its entirety.

U.S. patent application Ser. No. 13/954,663 is a continuation in part ofU.S. patent application Ser. No. 13/335,279, filed Dec. 22, 2011, whichis a continuation in part of U.S. patent application Ser. No.13/929,568, filed Jun. 27, 2013, now U.S. Pat. No. 10,444,964, which ishereby incorporated in its entirety, each of which are herebyincorporated in their entirety.

U.S. patent application Ser. No. 13/954,663 is a continuation in part ofU.S. patent application Ser. No. 13/311,365, filed Dec. 5, 2011, nowU.S. Pat. No. 9,141,276, which is a continuation in part of U.S. patentapplication Ser. No. 11/761,745, filed Jun. 12, 2007, now U.S. Pat. No.8,635,350, each of which are hereby incorporated in their entirety.

U.S. patent application Ser. No. 13/954,663 is a continuation in part ofU.S. patent application Ser. No. 13/244,008, filed Sep. 23, 2011, nowU.S. Pat. No. 8,963,713, which is a continuation in part of U.S. patentapplication Ser. No. 12/750,470, filed Mar. 30, 2010, now U.S. Pat. No.9,191,228, each of which are hereby incorporated in their entirety.

U.S. patent application Ser. No. 13/954,663 is a continuation in part ofU.S. patent application Ser. No. 13/104,932, filed May 10, 2011, whichis a continuation in part of U.S. patent application Ser. No.12/539,537, filed Aug. 11, 2009, now U.S. Pat. No. 10,156,959, each ofwhich are hereby incorporated in their entirety.

BACKGROUND

The field of home and small business security is dominated by technologysuppliers who build comprehensive ‘closed’ security systems, where theindividual components (sensors, security panels, keypads) operate solelywithin the confines of a single vendor solution. For example, a wirelessmotion sensor from vendor A cannot be used with a security panel fromvendor B. Each vendor typically has developed sophisticated proprietarywireless technologies to enable the installation and management ofwireless sensors, with little or no ability for the wireless devices tooperate separate from the vendor's homogeneous system. Furthermore,these traditional systems are extremely limited in their ability tointerface either to a local or wide area standards-based network (suchas an IP network); most installed systems support only a low-bandwidth,intermittent connection utilizing phone lines or cellular (RF) backupsystems. Wireless security technology from providers such as GESecurity, Honeywell, and DSC/Tyco are well known in the art, and areexamples of this proprietary approach to security systems for home andbusiness.

Furthermore, with the proliferation of the internet, ethernet and WiFilocal area networks (LANs) and advanced wide area networks (WANs) thatoffer high bandwidth, low latency connections (broadband), as well asmore advanced wireless WAN data networks (e.g. GPRS, 3G (HSPA), EVDO,LTE, or CDMA 1×RTT) there increasingly exists the networking capabilityto extend these traditional security systems to offer enhancedfunctionality. In addition, the proliferation of broadband access hasdriven a corresponding increase in home and small business networkingtechnologies and devices. It is desirable to extend traditional securitysystems to encompass enhanced functionality such as the ability tocontrol and manage security systems from the world wide web, cellulartelephones, or advanced function internet-based devices. Other desiredfunctionality includes an open systems approach to interface homesecurity systems to home and small business networks.

Due to the proprietary approach described above, the traditional vendorsare the only ones capable of taking advantage of these new networkfunctions. To date, even though the vast majority of home and businesscustomers have broadband network access in their premises, most securitysystems do not offer the advanced capabilities associated with highspeed, low-latency LANs and WANs. This is primarily because theproprietary vendors have not been able to deliver such technologyefficiently or effectively. Solution providers attempting to addressthis need are becoming known in the art, including three categories ofvendors: traditional proprietary hardware providers such as Honeywelland GE Security; third party hard-wired module providers such asAlarm.com, NextAlarm, and IP Datatel; and new proprietary systemsproviders such as InGrid.

Shortcomings of the prior art technologies of the traditionalproprietary hardware providers are inherent in the continued proprietaryapproach of these vendors. As they develop technology in this area itonce again operates only with the hardware from that specific vendor,ignoring the need for a heterogeneous, cross-vendor solution. Yetanother shortcoming of the prior art technologies of the traditionalproprietary hardware providers arises due to the lack of experience andcapability of these companies in creating open internet and web basedsolutions, and consumer friendly interfaces.

Yet another shortcoming of the prior art technologies of the third partyhard-wired module providers arises due to the installation andoperational complexities and functional limitations associated withhardwiring a new component into existing security systems. Moreover, thenew proprietary systems providers are faced with a need to discard allprior technologies, and implement an entirely new form of securitysystem to access the new functionalities associated with broadband andwireless data networks. There remains, therefore, a need for systems,devices, and methods that easily interface to and control the existingproprietary security technologies utilizing a variety of wirelesstechnologies.

INCORPORATION BY REFERENCE

Each patent, patent application, and/or publication mentioned in thisspecification is herein incorporated by reference in its entirety to thesame extent as if each individual patent, patent application, and/orpublication was specifically and individually indicated to beincorporated by reference.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of the integrated security system, under anembodiment.

FIG. 2A is a block diagram of a security system integrated with anexternal control and management system that enables wireless-to-serialencapsulation, under an embodiment.

FIG. 2B is another block diagram of the security system integrated withan external control and management system that enableswireless-to-serial encapsulation, under an embodiment.

FIG. 3 is a flow diagram for integrating or interfacing the externalcontrol and management system (SPIM) with the security panel of thelegacy security system, under an embodiment.

FIG. 4 is a block diagram of components of the integrated securitysystem, under an embodiment.

FIG. 5 is a block diagram of the gateway software or applications, underan embodiment.

FIG. 6 is a block diagram of the gateway components, under anembodiment.

FIG. 7 is a block diagram of IP device integration with a premisenetwork, under an embodiment.

FIG. 8 is a block diagram of IP device integration with a premisenetwork, under an alternative embodiment.

FIG. 9 is a block diagram of a touchscreen, under an embodiment.

FIG. 10 is an example screenshot of a networked security touchscreen,under an embodiment.

FIG. 11 is a block diagram of network or premise device integration witha premise network, under an embodiment.

FIG. 12 is a block diagram of network or premise device integration witha premise network, under an alternative embodiment.

FIG. 13 is a flow diagram for a method of forming a security networkincluding integrated security system components, under an embodiment.

FIG. 14 is a flow diagram for a method of forming a security networkincluding integrated security system components and network devices,under an embodiment.

FIG. 15 is a flow diagram for installation of an IP device into aprivate network environment, under an embodiment.

FIG. 16 is a block diagram showing communications among IP devices ofthe private network environment, under an embodiment.

FIG. 17 is a flow diagram of a method of integrating an external controland management application system with an existing security system,under an embodiment.

FIG. 18 is a block diagram of an integrated security system wirelesslyinterfacing to proprietary security systems, under an embodiment.

FIG. 19 is a flow diagram for wirelessly ‘learning’ the gateway into anexisting security system and discovering extant sensors, under anembodiment.

FIG. 20 is a block diagram of a security system in which the legacypanel is replaced with a wireless security panel wirelessly coupled to agateway, under an embodiment.

FIG. 21 is a block diagram of a security system in which the legacypanel is replaced with a wireless security panel wirelessly coupled to agateway, and a touchscreen, under an alternative embodiment.

FIG. 22 is a block diagram of a security system in which the legacypanel is replaced with a wireless security panel connected to a gatewayvia an Ethernet coupling, under another alternative embodiment.

FIG. 23 is a flow diagram for automatic takeover of a security system,under an embodiment.

FIG. 24 is a flow diagram for automatic takeover of a security system,under an alternative embodiment.

DETAILED DESCRIPTION

Embodiments described herein include systems and methods for improvingthe capabilities of security systems in home and business applications.More particularly, the embodiments provide systems and methods forutilizing Internet Protocol (IP)-based solutions for interfacing to andcontrolling security systems from within a home or business, andextending such control and interface to remote devices outside thepremise. Although the description herein includes many specifics for thepurposes of illustration, anyone of ordinary skill in the art willappreciate that many variations and alterations to the following detailsare within the scope of the invention. Thus, the following embodimentsare set forth without any loss of generality to, and without imposinglimitations upon, the claimed invention.

Embodiments described herein use wireless-to-serial encapsulation (e.g.,RF-to-serial encapsulation, WiFi-to-serial encapsulation, etc.) to moveserial device drivers to other locations in a network (near the deviceor radio) to separate them from the wireless management device or accesspoint, and the encapsulation allows that device to appear like a localserial device for application purposes. As such, the embodiments includea wireless (e.g., radio frequency (RF), etc.) system that enables asystem provider or consumer to extend the capabilities of an existing orlegacy system that is a proprietary system installed at a location(e.g., home, office, etc.). For example, the embodiments described indetail herein include a wireless system that enables a security systemprovider or consumer to extend the capabilities of a legacy securitysystem installed at a home and/or office, but the embodiments are notlimited to interfacing with a security system and can interface with anytype of legacy or proprietary system.

The integrated security system of an embodiment includes an RF-capableGateway device and associated software operating on the Gateway devicephysically located within RF range of the security system or a second RFdevice described herein. Alternatively, the Gateway device can be atouchscreen device coupled to and/or incorporating functionality of theGateway as described in detail herein. The system also includes aninterface device coupled between the Gateway device and the securitysystem. This interface device, generally referred to herein as theSecurity Panel Interface Module (“SPIM”) or the “Cricket”, is locatedwithin the same premise as the security system and connected to thesecurity panel through the security panel wiring interface or bus. TheSPIM includes an one or more RF communication devices or modules thatenable an RF interface, or other wired or wireless interface, to thesecurity system by the Gateway and/or other remote RF device. The one ormore RF communication devices or modules include one or more of acellular communication device, a third Generation (3G) communicationdevice, a High Speed Packet Access (HSPA) communication device, anEnhanced Voice-Data Optimized (EVDO) communication device, a Long TermEvolution (LTE) communication device, a broadband communication device,a radio frequency (RF) communication device, a WiFi communicationdevice, a Z-Wave communication device, a Zigbee communication device,and a proprietary RF communication device (e.g., 900 MHz, 433 MHz,etc.), to name a few. The integrated security system also optionallyincludes a web server, application server, and remote database providinga persistent store for information related to the system. One or morealternative embodiments may incorporate all or part of the SPIMfunctionality described herein as an optional or intrinsic component ofa security panel.

The security systems of an embodiment, referred to herein as theiControl security system or integrated security system, extend the valueof traditional home security by adding broadband access and theadvantages of remote home monitoring and home control through theformation of a security network including components of the integratedsecurity system integrated with a conventional premise security systemand a premise local area network (LAN). With the integrated securitysystem, conventional home security sensors, cameras, touchscreenkeypads, lighting controls, and/or Internet Protocol (IP) devices in thehome (or business) become connected devices that are accessible anywherein the world from a web browser, mobile phone or through content-enabledtouchscreens. The integrated security system experience allows securityoperators to both extend the value proposition of their monitoredsecurity systems and reach new consumers that include broadband usersinterested in staying connected to their family, home and property whenthey are away from home.

The integrated security system of an embodiment includes securityservers (also referred to herein as iConnect servers or security networkservers) and an iHub gateway (also referred to herein as the gateway,the iHub, or the iHub client) that couples or integrates into a homenetwork (e.g., LAN) and communicates directly with the home securitypanel, in both wired and wireless installations. The security system ofan embodiment automatically discovers the security system components(e.g., sensors, etc.) belonging to the security system and connected toa control panel of the security system and provides consumers with fulltwo-way access via web and mobile portals. The gateway and the SPIM ofan embodiment support various wireless protocols as described in detailherein and can therefore interconnect and communicate with a wide rangeof control panels offered by security system providers. Serviceproviders and users can then extend the security system capabilitieswith the additional IP cameras, lighting modules or security devicessuch as interactive touchscreen keypads. The integrated security systemadds an enhanced value to these security systems by enabling consumersto stay connected through email and SMS alerts, photo push, proprietarymobile push interfaces, event-based video capture and rule-basedmonitoring and notifications. This solution extends the reach of homesecurity to households with broadband access.

The integrated security system builds upon the foundation afforded bytraditional security systems by layering broadband and mobile access, IPcameras, interactive touchscreens, and an open approach to homeautomation on top of traditional security system configurations. Theintegrated security system is easily installed and managed by thesecurity operator, and simplifies the traditional security installationprocess, as described below.

The integrated security system provides an open systems solution to thehome security market. As such, the foundation of the integrated securitysystem customer premises equipment (CPE) approach has been to abstractdevices, and allows applications to manipulate and manage multipledevices from any vendor. The integrated security system DeviceConnecttechnology that enables this capability supports protocols, devices, andpanels from GE Security, D S C, and Honeywell, as well as consumerdevices using Z-Wave, Zigbee, IP cameras (e.g., Ethernet, WiFi, andHomeplug), and IP touchscreens. The DeviceConnect technology is a deviceabstraction layer that enables any device or protocol layer tointeroperate with integrated security system components. Thisarchitecture enables the addition of new devices supporting any of theseinterfaces, as well as the addition of new protocols.

A benefit of DeviceConnect is that it provides supplier flexibility. Thesame consistent touchscreen, web, and mobile user experience operatesunchanged on whatever security equipment is selected by a securitysystem provider, with the system provider's choice of IP cameras,backend data center and central station software.

The integrated security system provides a complete system thatintegrates or layers on top of a conventional host security systemavailable from a security system provider. The security system providertherefore can select different components or configurations to offer forboth the SPIM and the Gateway (e.g., CDMA, GPRS, 3G, LTE, no cellular,etc.) as well as have iControl modify the integrated security systemconfiguration for the system provider's specific needs (e.g., change thefunctionality of the web or mobile portal, add a GE orHoneywell-compatible TouchScreen, etc.).

The integrated security system integrates with the security systemprovider infrastructure for central station reporting directly viaBroadband and cellular (e.g. GPRS, 3G, LTE, 1×RTT, etc.) alarmtransmissions. Traditional dial-up reporting is supported via thestandard panel connectivity. Additionally, the integrated securitysystem provides interfaces for advanced functionality to the CMS,including enhanced alarm events, system installation optimizations,system test verification, video verification, 2-way voice over IP andGSM. The alarm report of an embodiment is generated by the securitypanel, and then relayed over broadband or cellular by the SPIM using acellular modem, as described in detail herein. Alternatively, the SPIMrelays the alarm report over RF (e.g., Wifi, etc.) to the Gateway andthe Gateway communicates the alarm report to the CMS over Broadband orcellular, depending on the physical configuration of the Gateway andSPIM (i.e., where the cellular modem and broadband connection interfacesare configured). In another embodiment, the SPIM processes securitysystem data received from the Security System and generates the alarmreport in the SPIM, and uses the cellular or broadband connection toforward the alarm report to the Gateway and/or the CMS. In yet anotherembodiment, the Gateway processes security system data received from theSecurity System via the SPIM and generates the alarm report in theGateway, and forwards the alarm report to the CMS.

The integrated security system is an IP centric system that includesbroadband connectivity so that the gateway augments the existingsecurity system with broadband and cellular connectivity. If broadbandis down or unavailable cellular may be used, for example. The integratedsecurity system supports cellular connectivity using an optionalwireless package that includes a cellular modem in the gateway. Theintegrated security system treats the cellular connection as a highercost though flexible option for data transfers. In an embodiment thecellular connection is only used to route alarm events (e.g., for cost),however the gateway can be configured (e.g., through the iConnect serverinterface) to act as a primary channel and pass any or all events overcellular. Consequently, the integrated security system does notinterfere with the current plain old telephone service (POTS) securitypanel interface. Alarm events can still be routed through POTS; howeverthe gateway also allows such events to be routed through a broadband orcellular connection as well.

In an embodiment, the SPIM can couple or connect to the POTS connectionof the security panel and use this coupling to receive alarm reportsthat the SPIM or Gateway then forward to the CMS. The integratedsecurity system provides a web application interface to the CSR toolsuite as well as XML or REST web services interfaces for programmaticintegration between the security system provider's existing call centerproducts. The integrated security system includes, for example, APIsthat allow the security system provider to integrate components of theintegrated security system into a custom call center interface. The APIsinclude XML or REST web service APIs for integration of existingsecurity system provider call center applications with the integratedsecurity system service. All functionality available in the CSR Webapplication is provided with these API sets. The Java and XML-based APIsof the integrated security system support provisioning, billing, systemadministration, CSR, central station, portal user interfaces, andcontent management functions, to name a few. The integrated securitysystem can provide a customized interface to the security systemprovider's billing system, or alternatively can provide security systemdevelopers with APIs and support in the integration effort.

The integrated security system provides or includes business componentinterfaces for provisioning, administration, and customer care to name afew. Standard templates and examples are provided with a definedcustomer professional services engagement to help integrate OSS/BSSsystems of a Service Provider with the integrated security system.

The integrated security system components support and allow for theintegration of customer account creation and deletion with a securitysystem. The iConnect APIs provides access to the provisioning andaccount management system in iConnect and provide full support foraccount creation, provisioning, and deletion. Depending on therequirements of the security system provider, the iConnect APIs can beused to completely customize any aspect of the integrated securitysystem backend operational system.

The integrated security system includes a gateway that supports thefollowing standards-based interfaces, to name a few: Ethernet IPcommunications via Ethernet ports on the gateway, and standardXML/REST/TCP/IP protocols and ports are employed over secured SSLsessions; USB 2.0 via ports on the gateway; 802.11b/g/n IPcommunications; GSM/GPRS/3G/LTE RF WAN communications; CDMA 1×RTT RF WANcommunications (optional, can also support EVDO and 3G technologies).

The gateway supports the following proprietary interfaces, to name afew: interfaces including Dialog RF network (319.5 MHz) and RS485Superbus 2000 wired interface; RF mesh network (908 MHz); and interfacesincluding RF network (345 MHz) and RS485/RS232bus wired interfaces.

Regarding security for the IP communications (e.g., authentication,authorization, encryption, anti-spoofing, etc.), the integrated securitysystem uses SSL or other AES-type encryption techniques to encrypt IPtraffic, using server and client-certificates for authentication, aswell as authentication in the data sent over the SSL-encrypted channel.For encryption, integrated security system issues public/private keypairs at the time/place of manufacture, and certificates are not storedin any online storage in an embodiment.

The integrated security system does not need any special rules at thecustomer premise and/or at the security system provider central stationbecause the integrated security system makes outgoing connections usingTCP over the standard HTTP and HTTPS ports. Provided outbound TCPconnections are allowed then no special requirements on the firewallsare necessary.

FIG. 1 is a block diagram of the integrated security system 100, underan embodiment. The integrated security system 100 of an embodimentincludes the gateway 102 and the security servers 104 coupled to theconventional home security system 110. At a customer's home or business,the gateway 102 connects and manages the diverse variety of homesecurity and self-monitoring devices. The gateway 102 communicates withthe iConnect Servers 104 located in the service provider's data center106 (or hosted in integrated security system data center), and thecommunication occurs via a communication network 108 or other network(e.g., cellular network, internet, etc.). These servers 104 manage thesystem integrations necessary to deliver the integrated system servicedescribed herein. The combination of the gateway 102 and the iConnectservers 104 enable a wide variety of remote client devices 120 (e.g.,PCs, mobile phones and PDAs) allowing users to remotely stay in touchwith their home, business and family. In addition, the technology allowshome security and self-monitoring information, as well as relevant thirdparty content such as traffic and weather, to be presented in intuitiveways within the home, such as on advanced touchscreen keypads.

The integrated security system service (also referred to as iControlservice) can be managed by a service provider via browser-basedMaintenance and Service Management applications that are provided withthe iConnect Servers. Or, if desired, the service can be more tightlyintegrated with existing OSS/BSS and service delivery systems via theiConnect web services-based XML APIs.

The integrated security system service can also coordinate the sendingof alarms to the home security Central Monitoring Station (CMS) 199.Alarms are passed to the CMS 199 using standard protocols such asContact ID or SIA and can be generated from the home security panellocation, by iHub technology (embedded in a Gateway and/or SPIM asdescribed with reference to FIG. 2) as well as by iConnect server 104conditions (such as lack of communications with the integrated securitysystem). In addition, the link between the security servers 104 and CMS199 provides tighter integration between home security andself-monitoring devices and the gateway 102. Such integration enablesadvanced security capabilities such as the ability for CMS personnel toview photos taken at the time a burglary alarm was triggered. Formaximum security, the gateway 102 and iConnect servers 104 support theuse of a mobile network (GPRS, 3G, LTE, EVDO, and CDMA options areavailable) as a backup to the primary broadband connection.

The SPIM is included as a component in the integrated security system ofan embodiment to enable the use of wireless-to-serial encapsulation inthe security system. The integrated security system therefore integratesbroadband and mobile access and control with conventional securitysystems and premise devices to provide a multi-mode security network(broadband, cellular/GSM/3G/LTE, POTS access) that enables users toremotely stay connected to their premises. The integrated securitysystem, while delivering remote premise monitoring and controlfunctionality to conventional monitored premise protection, complementsexisting premise protection equipment. The integrated security systemintegrates into the premise network and couples wirelessly with theconventional security panel, enabling broadband access to premisesecurity systems. Automation devices (cameras, lamp modules,thermostats, etc.) can be added, enabling users to remotely see livevideo and/or pictures and control home devices via their personal webportal or webpage, mobile phone, and/or other remote client device.Users can also receive notifications via email or text message whenhappenings occur, or do not occur, in their home.

Generally, the SPIM of an embodiment enables a remote system (e.g.,gateway, touchscreen, security server, central monitoring station, etc.)to communicate with a system or device that internally uses aproprietary protocol (“proprietary system”). In an embodiment the systemthat uses the proprietary protocol is a legacy security system, but thiscould be any type of system or device using a proprietary protocol. TheSPIM functions in the role of a monitoring-and-control device in that itperforms the functions necessary to pass data and commands from theremote device or system to the proprietary system, and to pass data ofevents reported by the proprietary system from the proprietary system tothe remote device or system.

The SPIM, enabled as a cellular or broadband device, enables legacysecurity systems to communicate with a remote server or other remotesystem to provide remote control of the security system, remote displayof security status and data, and notifications regarding user specifiedcondition changes. The SPIM also enables alarm notifications andreporting, where alarm reports are generated by the security system andcommunicated to the SPIM via an interface or, alternatively, the alarmreports are generated by the SPIM using data received at the SPIM fromthe security system. Additionally, the SPIM enables remote control ofhome management devices that include but are not limited to Z-Wavedevices, Zigbee devices, WiFi devices, cameras, touch screens, lights,locks, thermostats, and blinds, to name a few.

The SPIM communicates with the proprietary system using any protocol(s)required of the proprietary system. Similarly, the SPIM communicateswith remote systems or devices using one or more protocols asappropriate to the remote system/device and/or network couplings orconnections between the SPIM and the remote system/device.

The integrated security system of an embodiment uses TransmissionControl Protocol (TCP) for commands from the remote system to the SPIM,and User Datagram Protocol (UDP) for transmitting to the remote systemevent data received at the SPIM from the security panel. However, theSPIM can communicate with the remote system using various protocols asappropriate to the communication protocol of the remote system (e.g.,serial protocol (may or may not be the same as the serial protocol ofthe proprietary system), Ethernet (TCP/Internet Protocol (IP)), WiFi(TCP/IP), etc.). Regardless, the SPIM translates between the serialcommunication protocol of the panel/bus and the protocol of the remotesystem as appropriate to the direction of the communication.

The SPIM functions to insulate the remote system from low-levelimplementation details of the proprietary system and provides aninterface by which data of the proprietary system is extracted from theproprietary system and communicated to remote systems of a variety oftypes using any type of communication protocol available as the state ofthe art. The SPIM further enables the protocol translations necessaryfor communicating with the proprietary system to be performed at anycomponent of the remote system, including the SPIM.

When the SPIM receives data from proprietary system, the SPIM candirectly transmit the proprietary system data to a remote system wherethe data is processed. Alternatively, the SPIM processes the receiveddata before transmitting the processed data to a remote system. Forexample, the SPIM can directly transfer the data to an intermediatedevice (e.g., gateway, IP device on wide area network (WAN), etc.) usingan appropriate protocol, and the intermediate device uses a protocol(e.g., SMA protocol, 3G, broadband, etc.) to transmit the data to aremote server where the data is processed. Additionally, the SPIM candirectly transfer the data to an intermediate device (e.g., gateway,etc.) using WiFi, Ethernet, or a serial connection and the intermediatedevice processes the data. Further, the SPIM of an embodiment uses aprotocol (e.g., Z-Wave, etc.) as a transport mechanism by which it sendspackets to a remote system or device. The embodiments are not howeverlimited to the examples described herein.

In an embodiment in which the proprietary system is a security system,the security system includes a security panel, also referred to as acontrol panel, or panel. The panel includes a processor and an internalbus or other communication medium that couples the panel to and enablescommunication with peripheral devices of the security system, where theperipheral devices include one or more of keypads, automation modules,extender modules, and output modules. The security panel can includemore than one bus or communication medium. The buses of an embodimentare typically serial buses that are referred to as “multi-drop” busesbecause they couple to and enable communication with multiple devices,but are not so limited.

The legacy system buses function as polling interfaces by which thesecurity panel polls the security system devices coupled to the bus (andregistered with the panel) as to the existence of data, commands, orinformation that is to be sent to or exchanged with the panel. Inherentin this polling bus communication configuration are tightly constrainedtiming requirements for the communications between the panel and thecoupled devices.

An alternative bus configuration is a point-to-point configuration inwhich the bus is coupled to the security panel on one end and a singledevice on the other end of the bus. In this configuration, the panelpolls the device as to the availability of data or, alternatively, thedevice transmits commands or data to panel as they become available.

Because the bus is a serial bus, it cannot be used to communicatedirectly with systems or devices that are not connected to the busmeaning it cannot communicate directly via various other means ofcommunication (e.g., 3G, wireless, internet, WiFi, etc.). Also, the buscannot be used to communicate directly with devices that are not able tocomply with the strict communication timing constraints. For this reasonthe SPIM is used to enable communication between the serial bus of thesecurity panel and remote systems that are not on the serial bus.

The SPIM serves as a monitoring-and-control interface between remotesystems and the security panel and, in so doing, serves as a protocoltranslator for those communications. The SPIM is used to manage andcontrol the protocol translation, communication translation (electricalconversion) and timing constraints associated with communication betweenthe panel and remote systems. The handling of control enables thesending of commands from remote systems to the security panel andreceiving responses in turn. The monitoring segment enabled by the SPIMdeals with the receipt at the remote systems of events and datatransmitted or reported by the security panel. Event data sent from thesecurity panel can be asynchronously transmitted by the panel to theremote system but is not so limited. Alternatively, the remote systempolls the panel via the SPIM for the events.

Regarding the polling, the SPIM may conduct polling operations on behalfof the remote system. Event data received in response from the panel canbe buffered at the SPIM and sent to the remote system in due course, orretransmitted to the remote system immediately upon receipt.

Processing and/or applications relating to the SPIM or operations of theSPIM can be executing on one or more of at least one processor hosted onthe SPIM and at least one processor coupled to the SPIM. For example,the applications can be executing on one or more of the remote gateway,the remote touchscreen, and the remote server.

The SPIM of an embodiment makes use of an abbreviated command set(relative to the control panel) that is abstracted away from particularimplementations of the panel. In one embodiment, the SPIM includes aprotocol translator that maps between specific commands of theunderlying system and more generic commands of the remote system. Whilethe translator or translator mapping is a component of the SPIM of anembodiment, it is not so limited and can be hosted in or coupled to oneor more other components of remote system.

Regarding the transmission of alarm events to a central monitoringservice or station (CMS), the SPIM of an embodiment sends alarm eventsdirectly to the CMS (e.g., over at least one of a broadband coupling orconnection, or 3G coupling or connection, etc.). The SPIM of analternative embodiment sends alarm events to an intermediate device(e.g., system, server, etc.), and the intermediate device in turnforwards the alarm events to the CMS. The SPIM of another alternativeembodiment sends alarm events through a local gateway or other system ordevice, and the gateway in turn sends the alarm events to the CMS (e.g.,directly, through an intermediate server, etc.).

In accordance with the embodiments described herein, a wireless system(e.g., radio frequency (RF)) is provided that enables a securityprovider or consumer to extend the capabilities of an existingRF-capable security system or a non-RF-capable security system that hasbeen upgraded to support RF capabilities. The system includes the SPIMthat communicates with the proprietary security system using theprotocol(s) required of the proprietary system. The SPIM enables thesecurity system to communicate with a remote system to provide remotecontrol of the security system, remote display of security status anddata, and notifications regarding user specified condition changes. Thesystem includes an RF-capable Gateway device (physically located withinRF range of the RF-capable security system) and associated softwareoperating on the Gateway device. The system also includes a web server,application server, and remote database providing a persistent store forinformation related to the system.

The SPIM of an embodiment is an all-in one device that includes thecomponents of the SPIM described herein, along with components used forone or more of WiFi communication, 3G communication, Z-Wave, and Zigbeecommunication. Alternatively, the SPIM includes only the SPIM componentsdescribed herein, and is coupled to other communication components. Forexample, one or more of the WiFi communication component, 3Gcommunication component, Z-Wave communication, and Zigbee component canbe hosted in the gateway, and the SPIM communicates with the gatewayover a serial coupling or connection.

As a general example, FIG. 2A is a block diagram of a security systemintegrated with an external control and management system that enableswireless-to-serial encapsulation, under an embodiment. The securitysystem is coupled or connected to the SPIM of the external control andmanagement system via a wired or wireless interface to the securitypanel bus device. The SPIM is also coupled or connected to the gatewayor touchscreen via an RF link. The Gateway is coupled to a broadbandnetwork, and the broadband network provides couplings and/or access tonetwork servers comprising numerous information and content sourcesincluding web servers, system databases, and applications servers toname a few. The gateway of an embodiment provides the interface betweensecurity system and the CMS and/or other designated remote systems anddevices for purposes of remote control, monitoring, and management. Thebroadband network comprises the Internet, including the World Wide Web,and/or any other type of network, such as an intranet, an extranet, avirtual private network (VPN), a mobile network, or a non-TCP/IP basednetwork, for example.

The SPIM of an embodiment includes one or more RF interfaces orcommunication devices that enable wireless communications with remotedevices. For example, the SPIM of an embodiment includes a communicationdevice that is a cellular interface that enables the SPIM to communicatevia a remote cellular network directly to remote cellular-enabledsystems. The cellular interface enables the SPIM to communicate directlywith the external central monitoring station (CMS), and/or tocommunicate directly with the network servers. The communication deviceof an embodiment includes any device or combination of wirelesscommunication devices, for example, a cellular communication device, athird Generation (3G) communication device, a High Speed Packet Access(HSPA) communication device, an Enhanced Voice-Data Optimized (EVDO)communication device, a Long Term Evolution (LTE) communication device,a broadband communication device, a radio frequency (RF) communicationdevice, a WiFi communication device, a Z-Wave communication device, aZigbee communication device, a proprietary RF communication device(e.g., 900 MHz, 433 MHz, etc.), and a plain old telephone service (POTS)device, to name a few.

The SPIM of an embodiment is coupled or connected to broadband byrouting an Ethernet cable from the SPIM into a router or broadbandmodem. Alternatively, the coupling or connection between the SPIM andbroadband includes a WiFi hop to a WiFi Access Point that is thencoupled or connected to (or included in) the broadband (e.g., cable,DSL, etc.) modem. In yet another embodiment, the coupling or connectionbetween the SPIM and broadband includes a WiFi hop to a 3G or 4Gpersonal wireless device (e.g., MiFi, cellular telephone, etc.).

Communication between the SPIM and a remote system (e.g., remote server,cellular telephone, etc.) can includes use of a “command channel” overwhich various commands are sent (e.g., disarm security system, turn on alight, etc.). The command channel of an embodiment comprises at leastone of an “always-on” socket connection initiated/maintained by theSPIM, and an ephemeral coupling or connection that is initiated by theremote system sending a shoulder-tap SMS message (after receiving theshoulder-tap, the SPIM opens a socket connection to the server). Thiscommand channel is used to get around firewall restrictions, andnetwork-address-space limitations, which make it impossible for theserver to simply open a network connection to SPIM. Forbroadband-connected SPIMs, the “always-on” command channel is used in anembodiment because of the low-latency connection (that is, when sendinga command, the remote server sends it on the open channel instead ofwaiting for a shoulder tap to be received in order to initiate acallback. For cellular-connected SPIMs, the “shoulder-tap initiated”command channel is used in an embodiment to avoid the data-usage andsystem resources required with keeping the command channel open.

The SPIM of an embodiment also includes an alarm interface that receivesan alarm report directly from security system, and sends the reportdirectly to the CMS and/or other designated remote devices via the SPIMcommunication device. The alarm interface alternatively sends the alarmreport to an off-site system or server via the gateway/touchscreen.

As an alternative to receiving an alarm report from the security system,the alarm interface receives security state data or information from thesecurity system, generates an alarm report using the security stateinformation, and sends the generated alarm report directly to one ormore of the CMS and/or other designated remote devices. The alarminterface alternatively sends the alarm report to an off-site system orserver via the gateway/touchscreen.

The SPIM of an embodiment includes an onboard scheduling and/or rulesengine that enables the end-user to program schedules and automations.This is particularly useful for SPIMs that are able to controlassociated devices (e.g., Z-Wave device, Zigbee device, etc.). Forexample, some Z-Wave thermostats (e.g., Radio Thermostat if America'sCT-100) are not end-user-programmable with different temperatureset-points at different times of the day. Running such thermostatschedules on a remote system (e.g., remote server, etc.) is possible;however, the remote system then has to send commands to the thermostatseveral times a day to change parameters (e.g., heat and/or coolset-points, system modes, fan modes, etc.). The bandwidth, delay, anduncertainty associated with the remote system calling the SPIM withthermostat settings changes can be avoided by running the schedulelocally on the SPIM.

The SPIM of an embodiment locally controls automatic actions of anassociated system (e.g., causing a light to turn on in response toopening of a door, etc.). This SPIM-based automation logic improvesbandwidth and speed by avoiding the requirement to send the event orevent information to the remote system, having the logic of the remotesystem decide that an action is to be taken, and then sending a commandback to the SPIM. This is particularly useful when the automationinvolves a security-panel sensor (e.g., door sensor, window sensor,motion sensor, etc.) triggering a video or snapshot capture from acamera, because the delay in getting the sensor event of the panel to aremote security server, and the resulting capture command making it backto the camera, is often too long for such an automaton to be useful. Byhaving the automation logic run in the SPIM, a relatively shorter delayis realized between the trigger event (e.g., door open), and the action(e.g., video capture).

More particularly, FIG. 2B is another block diagram of a security systemintegrated with an external control and management system that enableswireless-to-serial encapsulation, under an embodiment. The SPIM 2230 ofthis embodiment generally comprises a hardware interface module and adriver running on a processor of the Gateway. The hardware interfacemodule couples or connects to the wired bus of the security panel 2211and manages and controls all direct communication with the panel. Thedriver running on the Gateway 2220 mediates between the hardwareinterface module and the user-level applications of the integratedsecurity system.

The SPIM hardware interface module includes but is not limited to aprocessor (not shown) coupled or connected to a real-time bus interface2231, a bus protocol or protocol module 2232, and at least onecommunication device. The communication device of an embodiment includesone or more of a WiFi client module 2233, a cellular interface 2234, andan alarm interface 2235. Generally, however, the communication devicecomprises any device or combination of wireless communication devices,for example, a cellular communication device, a third Generation (3G)communication device, a High Speed Packet Access (HSPA) communicationdevice, an Enhanced Voice-Data Optimized (EVDO) communication device, aLong Term Evolution (LTE) communication device, a broadbandcommunication device, a WiFi communication device, a Z-Wavecommunication device, a Zigbee communication device, and a plain oldtelephone service (POTS) device, to name a few. The SPIM of anembodiment includes a self-contained power source and backup powersource but, alternatively, the SPIM is coupled or connected to the powersource and backup power source of the security system.

The security system 2210 is connected to the SPIM 2230 of the externalcontrol and management system via a wire interface 2280 between aprocessing component of the security system 2210 and the bus interface2231 of the SPIM 2230. The processing component to which the businterface 2231 of an embodiment is coupled is a security panel busdevice 2213 of the security panel 2211, but the embodiment is not solimited. Embodiments of the wire interface 2280 include but are notlimited to a TTL interface, an RS 232 interface, an RS422 interface,etc.

The SPIM of an embodiment encapsulates proprietary security system dataand transmits it to a remote system (e.g., remote server, etc.) wherethe security system data is parsed and processed. Alternatively, theSPIM encapsulates the proprietary security system data and transmits itto the Gateway where the security system data is parsed and processed.In yet another alternative embodiment, the SPIM parses proprietarysecurity system data, initiates actions appropriate to the data, andsends instructions to the Gateway and/or remote system (e.g., remoteserver, etc.). Regardless of particular embodiment, the SPIM manages thetiming and framing requirements of data exchanges with the securitysystem.

The SPIM couples to the Gateway 2220 via an RF link 2270. The RF link2270 of this example is a WiFi link to a WiFi access point 2223 of theGateway, but alternatively can include any type of radio frequency (RF)link (e.g., Z-Wave, Zigbee, cellular, etc.). The wireless link is a hopin the “sandbox” WiFi network described in detail herein. In alternativeembodiments the Gateway 2220 is a touchscreen coupled or connected tothe Gateway 2220 or a touchscreen incorporating components and/orfunctionality of the Gateway 2220, as described in detail herein.

The Gateway 2220 is coupled to a broadband network 2230, and thebroadband network 2230 provides couplings and/or access to a pluralityof information and content sources including one or more web servers2240, system databases 2250, and applications servers 2260 to name afew. The broadband network 2230 comprises the Internet, including theWorld Wide Web, and/or any other type of network, such as an intranet,an extranet, a virtual private network (VPN), a mobile network, or anon-TCP/IP based network, for example.

Security system 2210 includes any type home or business security system,such devices including but not limited to a standalone RF home securitysystem or a non-RF-capable wired home security system with an add-on RFinterface module as described in detail herein. In an example, securitysystem 2210 includes a security panel (SP) 2211 that acts as the mastercontroller for security system 2210. Examples of such a security panelinclude but are not limited to the UTC Interlogix Concord, Networx, andSimon panels, the Honeywell Vista and Lynx panels, and similar panelsfrom DSC and Napco. A wireless module 2212 includes the RF hardware andprotocol software to enable communication with and control of securitysystem components that include a plurality of wireless devices. Thesecurity system components include, for example, door contacts, windowcontacts, motion sensors, and glass-break detectors, but are not solimited. The security panel 2211 may also manage wired security systemcomponents 2214 physically connected to the security panel 2211 with anRS232, a conventional DC or AC circuit for contacts, or RS485 orEthernet connection or similar such wired interface.

In an embodiment, Gateway 2220 provides the interface between securitysystem 2210 and LAN and/or WAN for purposes of remote control,monitoring, and management. Gateway 2220 communicates with an externalweb server 2240, database 2250, and application server 2260 over network2230 (which may comprise WAN, LAN, cellular or a combination thereof).In this example, application logic, remote user interface functionality,as well as user state and account information is managed by thecombination of these remote servers. Gateway 2220 includes serverconnection manager 2221, a software interface module responsible for allserver communication over network 2230 (including cellular and/or IP WANconnectivity). While the Gateway 2220 of an embodiment is a manageddevice managed by the remote servers, the Gateway of an alternativeembodiment is invisible to the remote servers and serves as nothing morethan a pass-through for data and communications.

The Device Manager 2224 of Gateway 2220 processes events and controlmessages exchanged with the security system 2210 using the SPIM 2230.Device Manager 2224 relies upon SPIM 2230 which receives and stores theproprietary or standards-based protocols used to support the securitysystem 2210. SPIM 2230 further uses the comprehensive protocols andinterface algorithms for a plurality of security systems 2210 stored inthe security panel client database associated with security panelprotocol manager 2226. These various components implement the softwarelogic and protocols necessary to communicate with and manage thesecurity system 2210 as well as other remote devices. The SPIM 2230 isused as an intermediary between Gateway 2220 and Security System 2210for all security interfaces. In this example, RF Link 2270 representsthe 802.11n (WiFi) RF communication link, enabling gateway 2220 tomonitor and control security panel 2211 and associated wireless andwired devices 2214, but is not so limited.

In addition to communicating with Security System 2210 and with securitysystem components, Gateway 2220 communicates with other remote devicesat the premises. Gateway 2220 includes Wireless Transceiver hardwaremodules 2225 that are used to implement the physical RF communicationslinks to remote devices.

Regarding communications with the security system 2210, the serverconnection manager 2221 of Gateway 2220 of an embodiment requests andreceives a set of wireless protocols for a specific security system 2210(an example being that of the GE Security Concord panel and sensors) andstores the protocols in the database portion of the wireless protocolmanager 2226. The WiFi access point manager 2223 then uses the protocolsfrom wireless protocol manager 2226 to initiate the sequence ofprocesses described herein for learning gateway 2220 into securitysystem 2210 as an authorized control device. Once learned in, eventmanager 222 (described with reference to FIG. 4) processes all eventsand messages detected by the combination of the WiFi access pointmanager 2223 and the wireless transceiver module 2225 of Gateway 2220.

Gateway 2220 of an embodiment comprises one or more wirelesstransceivers 2225 and associated protocols managed by wireless protocolmanager 2226. In this embodiment, events and control of multipleheterogeneous devices may be coordinated with security panel 2211,wireless devices 2213, and wired devices 2214. For example, a wirelesssensor from one manufacturer may be utilized to control a device using adifferent protocol from a different manufacturer.

The SPIM 2230 of an embodiment includes a cellular interface 2234. Thecellular interface 2234 enables the SPIM 2230 to communicate via aremote cellular network to remote cellular-enabled systems. For example,the cellular interface 2234 enables the SPIM 2230 to communicatedirectly with the external central monitoring station (CMS), and/or tocommunicate directly with the Application Server 2260, without requiringa separate Gateway device.

The SPIM 2230 of an embodiment includes an alarm interface 2235. Thealarm interface 2235 receives an alarm report directly from SecuritySystem 2210. Under this embodiment, the Wire Interface 2280 between theSPIM 2230 and the Security System 2210 includes a connection to one ofthe security panel bus 2213 or the phone line RJ11 connection used forPOTS alarm transmission. The alarm interface 2235 then forwards thereport to one or more of the CMS, Application Server 2260, or anotheroff-site server designated by the service provider. The alarm interface2235 of an embodiment sends the alarm report to an off-site system orserver via the Gateway 2220. Alternatively, the alarm interface 2235sends the alarm report to an off-site system or server directly usingthe cellular interface 2234.

As an alternative to receiving an alarm report from the security system2210, the alarm interface 2235 receives security state data orinformation from the security system 2210. The alarm interface 2235 usesthe security state information received from the security system viaWire Interface 2280 to generate an alarm report. The alarm interface2235 forwards the report to one or more of the CMS, Application Server2260, or another off-site server designated by the service provider. Thealarm interface 2235 of an embodiment sends the alarm report to anoff-site system or server via the Gateway 2220. Alternatively, the alarminterface 2235 sends the alarm report to an off-site system or serverdirectly using the cellular interface 2234.

FIG. 3 is a flow diagram 30 for integrating or interfacing the externalcontrol and management system (SPIM) with the security panel of thelegacy security system, under an embodiment. The SPIM 2230 interfacewith the proprietary bus of the security panel uses real-time businterface 2231 and bus protocol 2232, which may be downloadeddynamically from Gateway 2220 or Application Server 2260. The system ofan embodiment is installed by connecting the SPIM device to thebus-level or other proprietary interface of the security panel 3110.

When initially powered on, the SPIM may be enrolled in the securitypanel as a known type of device or devices (e.g. as a keypad or an‘automation module’). The Gateway and/or touchscreen device, alsoreferred to herein as the iHub, is placed in an operational state 3111,from which the Gateway initiates 3112 a software and RF sequence tolocate, enroll, and interface to the SPIM device. The SPIM may beenrolled with the Gateway device using conventional WiFi enrollmentprocedures, including WPS, web-based SSID/password entry, or automaticMAC address discovery and SPIM configuration by the Gateway, to name afew.

The SPIM begins monitoring information on the security panel bus andcommunications with the Gateway over the WiFi RF link 3113. For thesecurity system, the SPIM monitors for a state change in the securitypanel (e.g., an alarm condition, sensor fault (e.g., door open, etc.),etc.) 3120 or other data of the security system. For the Gateway, theSPIM listens for a Gateway request (e.g., ‘Arm Panel’, ‘Get Zone Names’,etc.) 3122 directed to the security system. If neither the securitypanel nor Gateway need or provide information, the SPIM continuesmonitoring operations 3113.

In the event that a security panel state change is detected 3120, thenthe SPIM processes the state change information 3121 as described indetail herein, and forwards the new state information to the Gatewayover the Wifi RF link 3124. In the event that the SPIM receives from theGateway a command or request for data from the security panel, the SPIMreceives this request 3123 and formulates a command sequence on thesecurity panel bus 3125. The formulation is followed by animplementation of the command in the native bus protocol 3126 andinvolves details described herein.

In an embodiment, the Gateway is an embedded computer with an IP LAN andWAN connection and a plurality of RF transceivers and software protocolmodules capable of communicating with a plurality of security systemseach with a potentially different RF and software protocol interface.The SPIM can then be a WiFi device, IP LAN wired device, or an RF deviceusing a different protocol such as Z-Wave or Zigbee, for example, sothat the use of the WiFi-to-serial encapsulation can be generalized foruse with other serial interfaces like Z-Wave, Zigbee and other homemanagement devices. Consequently, regardless of the particular deviceinvolved in a system, the WiFi-to-serial encapsulation enables moving ofthe serial device drivers to other locations in a network (near thedevice or radio) to separate them from the WiFi management device oraccess point. For example, the software running on a system controlleris too far from a smart meter to use a local serial adapter (e.g. USBdongle radio) to connect via Zigbee, so the Zigbee dongle is pluggedinto a different device that has a WiFi or TCP connection (like a homerouter or iHub panel) and the encapsulation allows that device to appearlike a local serial device for application purposes.

While an illustrative embodiment of a system consistent with the systemsand methods described herein is described in detail, one of skill in theart will understand that modifications to this architecture may be madewithout departing from the scope of the embodiments described herein.For example, the functionality described herein may be allocateddifferently between client and server, or amongst different servercomponents. Likewise, the entire functionality of the SPIM 2230described herein could be integrated completely within an existingsecurity system 2210. In such an embodiment, the Gateway 2220 could bedirectly integrated with a security system 2210 in a manner consistentwith currently described embodiments herein.

As described herein, the wireless-to-serial encapsulation of anembodiment uses a WiFi coupling or connection. While a security panel orSPIM can incorporate or include a WiFi client directly into the securitypanel or SPIM, embodiments described herein provide a SPIM implementedas a “WiFi SPIM” (WiSPIM) for interfacing to conventional securitysystems. The WiSPIM is a WiFi interface module that is separate from thepanel or SPIM, and enables communication between a conventional securitypanel or SPIM and the iHub.

More particularly, the WiSPIM of an embodiment communicates with thesecurity panel or SPIM using the existing serial line, and communicateswith the iHub (Gateway and/or Touchscreen) via a WiFi coupling orconnection so that no changes are necessary to the legacy securitypanels or SPIMs. The WiSPIM provides transparent serial-to-WiFi bridgingbetween the iHub and legacy security equipment, and includes wirelesssecurity using, for example, WPA2 Personal, and optional addition ofapplication-level encryption via SSL/TLS.

The WiSPIM of an embodiment includes provisioning such that the WiSPIMsWiFi credentials (e.g., authentication keys/passwords, IP address,configuration, settings, etc.) are obtained from the iHub via the WiFicoupling. Furthermore, the WiSPIM includes management functionality inwhich the WiSPIM configuration and status (including WiFi signalstrength, settings, noise, error rates, statistics, etc.) are availableto the iHub via WiFi. Alternatively, the provisioning and accessibilityof configuration and status information of the WiSPIM are accessed usingthe security panel (e.g., keypad-based menus, etc.). The WiSPIM alsosupports over-the-air WiSPIM firmware upgrades.

The WiSPIM receives power from the security panel/SPIM, power adaptor,and/or battery, but is not so limited. The WiSPIM of an embodimentincludes a low-power mode that functions to provide an optional WiSPIMsleep/power-off upon panel AC-power failure, with or without delay.

The WiSPIM of an embodiment includes an optional polling proxy thatsupports off-loading of panel/SPIM polling to the WiSPIM. The optionalpolling proxy is included or used, for example, when the communicationprotocol used by the remote system-to-SPIM or remote system-to-legacysystem is such that polling over the WiFi link is very inefficient, orerror prone, or there are tight timing constraints that cannot beefficiently met on a WiFi link. Security panels and SPIMs from variousmanufacturers present the iHub with different interface protocols, APIs,and methods of message exchange. Interfaces that are asynchronous innature (where the panel/SPIM sends iHub messages-of-interest without anyqueries or prompting) are well suited to running over long-delaynetworks (e.g., Internet, cellular) or local shared-media networks(e.g., WiFi, Ethernet). However, security panel/SPIM interfaces that aresynchronous in nature (where the iHub must continually query or promptthe security panel/SPIM for messages or data) can be inefficient whenrun over long-delay or shared-media networks. In such networks, asecurity panel/SPIM interface that requires polling can cause timing,resource utilization, and reliability problems. The WiSPIM realizesimproved efficiency regarding these issues by off-loading the securitypanel/SPIM polling function that is currently performed by iHub daemonsto the WiSPIM, a feature that is referred to herein as the WiSPIM“Polling Proxy.”

Depending upon the mechanics used by the security panel/SPIM for messageexchange, the WiSPIM acts as one or more of an injection proxy, rewriteproxy, and/or full proxy, but is not limited to these functions. Each ofthese capabilities of the WiSPIM is described in detail herein.

In the roll of an injection proxy, the WiSPIM is a transparentpass-through for non-polling-related messages between the iHub andsecurity panel/SPIM. However, for the polling activities, the pollingproxy injects the required polling-related commands into the messagestream that arrives from iHub via WiFi, and sends the modified messagestream onwards to the security panel/SPIM over the serial line.Similarly, the polling proxy filters out any benign polling-relatedresponses (that is, those messages that are not of interest to iHub)from the message stream received from the security panel/SPIM over theserial line, and forwards the modified stream onwards to the iHub viaWiFi. The WiSPIM is able to act in this injection-proxy fashion when thepolling-related messages do not contain a message sequence number thatis managed by iHub.

Regarding the rewrite proxy, the WiSPIM provides functionality similarto that provided in its role as the injection proxy, except the pollingproxy rewrites the sequence numbers of all messages that pass-throughthe WiSPIM. This additional process performed by the rewrite proxy whenthe security panel/SPIM interface protocols polling-related messages(that is, those messages generated-by or destined-for WiSPIM) include asequence number that is shared with a sequence number in thenon-polling-related messages (that is, those messages generated-by ordestined-for iHub). In this case, the WiSPIM Polling Proxy managesseparate sets of sequence numbers, so that the sequence count appearscontinuous to both the security panel/SPIM and iHub.

As a full proxy, the WiSPIM polling proxy may act as an intermediarybetween the iHub and security panel/SPIM, providing message processing,logic, protocol translation, message timing adjustments, and/or messagebuffering or queuing. In this full-proxy case, messages from the iHuband/or the security panel/SPIM are received by the WiSPIM, parsed, andthen acted upon. For example, the WiSPIM may receive from the iHub aquery of the full sensor-array state (i.e., a request to see the stateof all the panel's sensors), and then the WiSPIM may send the securitypanel/SPIM individual queries on each of the sensors in the system. TheWiSPIM then packages the results into a single sensor state arrayresponse to the iHub. As another example, the WiSPIM may receive a queryfrom the iHub to see if there have been any user-account modificationssince the last query. The WiSPIM polls the panel/SPIM for user-accountdata, compares the panel/SPIM responses to a WiSPIM cache ofuser-account data, and then reports back to the iHub if there were anychanges in the data.

The WiSPIM polling proxy can be explicitly enabled by configurationparameters that are set by the iHub. Else, the WiSPIM polling proxy canbe run in “auto-sense” mode, where the WiSPIM inspects the messagetraffic to-or-from the iHub, and determines the type of securitypanel/SPIM that is connected to the WiSPIM, and the need for the WiSPIMto perform polling on behalf of the iHub. In auto-sense mode, if theWiSPIM detects that the panel type requires polling, and the WiSPIM seesthat the iHub is not performing the required polling, then the WiSPIMpolling proxy is automatically enabled.

Once the polling proxy is enabled, the WiSPIM continuously polls thesecurity panel/SPIM over the serial line interface, looking forpanel/SPIM messages or data that is of interest to the iHub. When asecurity panel/SPIM message or data is found, the WiSPIM asynchronouslysends the message or data to the iHub over a socket connection on theWiFi network.

The WiSPIM polling proxy can perform one or both of message polling anddata polling. In performing message polling, some security panels andSPIMs present master/slave interfaces, where the iHub (master) mustalways query the panel/SPIM (slave) for new messages. The new messagesthemselves may be any of a variety of state changes (arms/disarms,sensor trips, etc.), mode changes (installer programming lead-out,entering walk-test mode, etc.), resource changes (sensors added, usersdeleted, etc.), responses to iHub commands (arm command was successful,sensor bypass attempt failure, etc), message management (commandacknowledgement, command error, etc), or other panel/SPIM communication.As a message proxy, the WiSPIM polling proxy interacts with the securitypanel/SPIM, continuously providing the polling commands that prompt fornew messages to be sent from the panel/SPIM.

For data polling, all security panels maintain internal state data(e.g., arm levels, outstanding alarms and trouble conditions, etc.) andresource data (e.g., collections of sensor, access-code, devices, etc.).However, changes to the state and/or resource data of the securitypanel/SPIM may not be asynchronously sent to the iHub. In such a case,to learn of state and/or resource changes, the iHub polls (that is,periodically queries) the security panel/SPIM. State and/or resourcedata is received by the iHub, the data is compared to a cache of thedata from a previous query, and state and/or resource changes areinferred. Instead of the iHub performing the data polling activity, theWiSPIM polling proxy can perform this data polling instead.

The WiSPIM polling proxy maintains internal statistics (counts over agiven period), including but not limited to polls performed, commandsreceived from the iHub, messages/data of interest forwarded to the iHub,errors encountered, message retries needed, etc. These statistics areavailable to the iHub in-band with the security panel/SPIM messagestream, or out-of-band on a management socket connection.

The WiSPIM polling proxy maintains internal configuration parameters,including but not limited to enable/disable, auto-sense on/off, securitypanel and SPIM type, polling type and level, polling commands used,polling rate, statistic period, etc. These parameters may be configuredby the iHub either in-band with the security panel/SPIM message stream,or out-of-band on a management socket connection.

The integrated security system service is delivered by hosted serversrunning software components that communicate with a variety of clienttypes while interacting with other systems. FIG. 4 is a block diagram ofcomponents of the integrated security system 100, under an embodiment.Following is a more detailed description of the components.

With reference to FIG. 1 and FIG. 4, the iConnect servers 104 support adiverse collection of clients 120 ranging from mobile devices, to PCs,to in-home security devices, to a service provider's internal systems.Most clients 120 are used by end-users, but there are also a number ofclients 120 that are used to operate the service.

Clients 120 used by end-users of the integrated security system 100include, but are not limited to, the following:

-   -   Clients based on gateway client applications 202 (e.g., a        processor-based device running the gateway technology that        manages home security and automation devices).    -   A web browser 204 accessing a Web Portal application, performing        end-user configuration and customization of the integrated        security system service as well as monitoring of in-home device        status, viewing photos and video, etc. Device and user        management can also be performed by this portal application.    -   A mobile device 206 (e.g., PDA, mobile phone, smartphone, etc.)        accessing the integrated security system Mobile Portal. This        type of client 206 is used by end-users to view system status        and perform operations on devices (e.g., turning on a lamp,        arming a security panel, etc.) rather than for system        configuration tasks such as adding a new device or user.    -   PC, smartphone, or browser-based “widget” or ‘apps’ containers        208 that present integrated security system service content, as        well as other third-party content, in simple, targeted ways        (e.g. a widget that resides on a PC desktop and shows live video        from a single in-home camera). “Widget” as used herein means        applications or programs in the system.    -   Touchscreen home security keypads 208 and advanced in-home        devices that present a variety of content widgets via an        intuitive touchscreen user interface.    -   Notification recipients 210 (e.g., cell phones that receive        SMS-based notifications when certain events occur (or don't        occur), email clients that receive an email message with similar        information, etc.).    -   Custom-built clients (not shown) that access the iConnect web        services XML or REST API to interact with users' home security        and self-monitoring information in new and unique ways. Such        clients could include new types of mobile devices, native mobile        applications, ‘hybrid mobile applications that combine native        mobile device code with HTML4/5 interfaces and Javascript        functionality, or complex applications where integrated security        system content is integrated into a broader set of application        features.

In addition to the end-user clients, the iConnect servers 104 support PCbrowser-based Service Management clients that manage the ongoingoperation of the overall service. These clients run applications thathandle tasks such as provisioning, service monitoring, customer supportand reporting.

There are numerous types of server components of the iConnect servers104 of an embodiment including, but not limited to, the following:Business Components which manage information about all of the homesecurity and self-monitoring devices; End-User Application Componentswhich display that information for users and access the BusinessComponents via published XML APIs; and Service Management ApplicationComponents which enable operators to administer the service (thesecomponents also access the Business Components via the XML APIs, andalso via published SNMP MIBs).

The server components provide access to, and management of, the objectsassociated with an integrated security system installation. Thetop-level object is the “network.” It is a location where a gateway 102is located, and is also commonly referred to as a site or premises; thepremises can include any type of structure (e.g., home, office,warehouse, etc.) at which a gateway 102 is located. Users can onlyaccess the networks to which they have been granted permission. Within anetwork, every object monitored by the gateway 102 is called a device.Devices include the sensors, cameras, home security panels andautomation devices, as well as the controller or processor-based devicerunning the gateway applications.

Various types of interactions are possible between the objects in asystem. Automations define actions that occur as a result of a change instate of a device. For example, take a picture with the front entrycamera when the front door sensor changes to “open”. Notifications aremessages sent to users to indicate that something has occurred, such asthe front door going to “open” state, or has not occurred (referred toas an iWatch notification). Schedules define changes in device statesthat are to take place at predefined days and times. For example, setthe security panel to “Armed” mode every weeknight at 11:00 pm.

The iConnect Business Components are responsible for orchestrating allof the low-level service management activities for the integratedsecurity system service. They define all of the users and devicesassociated with a network (site), analyze how the devices interact, andtrigger associated actions (such as sending notifications to users). Allchanges in device states are monitored and logged. The BusinessComponents also manage all interactions with external systems asrequired, including sending alarms and other related self-monitoringdata to the home security Central Monitoring System (CMS) 199. TheBusiness Components are implemented as portable Java J2EE Servlets, butare not so limited.

The following iConnect Business Components manage the main elements ofthe integrated security system service, but the embodiment is not solimited:

-   -   A Registry Manager 220 defines and manages users and networks.        This component is responsible for the creation, modification and        termination of users and networks. It is also where a user's        access to networks is defined.    -   A Network Manager 222 defines and manages security and        self-monitoring devices that are deployed on a network (site).        This component handles the creation, modification, deletion and        configuration of the devices, as well as the creation of        automations, schedules and notification rules associated with        those devices.    -   A Data Manager 224 manages access to current and logged state        data for an existing network and its devices. This component        specifically does not provide any access to network management        capabilities, such as adding new devices to a network, which are        handled exclusively by the Network Manager 222.    -   To achieve optimal performance for all types of queries, data        for current device states is stored separately from historical        state data (a.k.a. “logs”) in the database. A Log Data Manager        226 performs ongoing transfers of current device state data to        the historical data log tables.

Additional iConnect Business Components handle direct communicationswith certain clients and other systems, for example:

-   -   An iHub Manager 228 directly manages all communications with        gateway clients, including receiving information about device        state changes, changing the configuration of devices, and        pushing new versions of the gateway client to the hardware it is        running on.    -   A Notification Manager 230 is responsible for sending all        notifications to clients via SMS (mobile phone messages), email        (via a relay server like an SMTP email server), etc.    -   An Alarm and CMS Manager 232 sends critical server-generated        alarm events to the home security Central Monitoring Station        (CMS) and manages all other communications of integrated        security system service data to and from the CMS.    -   The Element Management System (EMS) 234 is an iControl Business        Component that manages all activities associated with service        installation, scaling and monitoring, and filters and packages        service operations data for use by service management        applications. The SNMP MIBs published by the EMS can also be        incorporated into any third party monitoring system if desired.

The iConnect Business Components store information about the objectsthat they manage in the iControl Service Database 240 and in theiControl Content Store 242. The iControl Content Store is used to storemedia objects like video, photos and widget content, while the ServiceDatabase stores information about users, networks, and devices. Databaseinteraction is performed via a JDBC interface. For security purposes,the Business Components manage all data storage and retrieval.

The iControl Business Components provide web services-based APIs thatapplication components use to access the Business Components'capabilities. Functions of application components include presentingintegrated security system service data to end-users, performingadministrative duties, and integrating with external systems andback-office applications.

The primary published APIs for the iConnect Business Components include,but are not limited to, the following:

-   -   A Registry Manager API 252 provides access to the Registry        Manager Business Component's functionality, allowing management        of networks and users.    -   A Network Manager API 254 provides access to the Network Manager        Business Component's functionality, allowing management of        devices on a network.    -   A Data Manager API 256 provides access to the Data Manager        Business Component's functionality, such as setting and        retrieving (current and historical) data about device states.    -   A Provisioning API 258 provides a simple way to create new        networks and configure initial default properties.

Each API of an embodiment includes three modes of access that includeJava API, REST API, or XML API, but the embodiment is not so limited.The XML APIs are published as web services so that they can be easilyaccessed by applications or servers over a network. The Java APIs are aprogrammer-friendly wrapper for the XML APIs. The REST APIs areaccessible through Javascriptor Java and provide an extremely flexibileapproach to building user interfaces or new application components.Application components and integrations written in Java should generallyuse the Java APIs rather than the XML APIs directly.

The iConnect Business Components also have an XML-based interface 260for quickly adding support for new devices to the integrated securitysystem. This interface 260, referred to as DeviceConnect 260, is aflexible, standards-based mechanism for defining the properties of newdevices and how they can be managed. Although the format is flexibleenough to allow the addition of any type of future device, pre-definedXML profiles are currently available for adding common types of devicessuch as sensors (SensorConnect), home security panels (PanelConnect) andIP cameras (CameraConnect).

The iConnect End-User Application Components deliver the user interfacesthat run on the different types of clients supported by the integratedsecurity system service. The components are written in portable JavaJ2EE technology (e.g., as Java Servlets, as JavaServer Pages (JSPs),etc.) and they all interact with the iControl Business Components viathe published APIs.

The following End-User Application Components generate CSS-basedHTML/JavaScript that is displayed on the target client. Theseapplications can be dynamically branded with partner-specific logos andURL links (such as Customer Support, etc.). The End-User ApplicationComponents of an embodiment include, but are not limited to, thefollowing:

-   -   An iControl Activation Application 270 that delivers the first        application that a user sees when they set up the integrated        security system service. This wizard-based web browser        application securely associates a new user with a purchased        gateway and the other devices included with it as a kit (if        any). It primarily uses functionality published by the        Provisioning API.    -   An iControl Web Portal Application 272 runs on PC browsers and        delivers the web-based interface to the integrated security        system service. This application allows users to manage their        networks (e.g. add devices and create automations) as well as to        view/change device states, and manage pictures and videos.        Because of the wide scope of capabilities of this application,        it uses three different Business Component APIs that include the        Registry Manager API, Network Manager API, and Data Manager API,        but the embodiment is not so limited.    -   An iControl Mobile Portal 274 is a small-footprint web-based        interface that runs on mobile phones and PDAs, as well as a        hybrid web and native code module for smartphones. This        interface is optimized for remote viewing of device states and        pictures/videos rather than network management. As such, its        interaction with the Business Components is primarily via the        Data Manager API. Mobile applications typically utilize the REST        API framework for management and presentation of system        information.    -   Custom portals and targeted client applications can be provided        that leverage the same Business Component APIs used by the above        applications.    -   A Content Manager Application Component 276 delivers content to        a variety of clients. It sends multimedia-rich user interface        components to widget container clients (both PC and        browser-based), as well as to advanced touchscreen keypad        clients. In addition to providing content directly to end-user        devices, the Content Manager 276 provides widget-based user        interface components to satisfy requests from other Application        Components such as the iControl Web 272 and Mobile 274 portals.

A number of Application Components are responsible for overallmanagement of the service. These pre-defined applications, referred toas Service Management Application Components, are configured to offeroff-the-shelf solutions for production management of the integratedsecurity system service including provisioning, overall servicemonitoring, customer support, and reporting, for example. The ServiceManagement Application Components of an embodiment include, but are notlimited to, the following:

-   -   A Service Management Application 280 allows service        administrators to perform activities associated with service        installation, scaling and monitoring/alerting. This application        interacts heavily with the Element Management System (EMS)        Business Component to execute its functionality, and also        retrieves its monitoring data from that component via protocols        such as SNMP MIBs.    -   A Kitting Application 282 is used by employees performing        service provisioning tasks. This application allows home        security and self-monitoring devices to be associated with        gateways during the warehouse kitting process.    -   A CSR Application and Report Generator 284 is used by personnel        supporting the integrated security system service, such as CSRs        resolving end-user issues and employees enquiring about overall        service usage. Pushes of new gateway firmware to deployed        gateways is also managed by this application.

The iConnect servers 104 also support custom-built integrations with aservice provider's existing OSS/BSS, CSR and service delivery systems290. Such systems can access the iConnect web services XML API totransfer data to and from the iConnect servers 104. These types ofintegrations can compliment or replace the PC browser-based ServiceManagement applications, depending on service provider needs.

As described above, the integrated security system of an embodimentincludes a gateway, or iHub. The gateway of an embodiment includes adevice that is deployed in the home or business and couples or connectsthe various third-party cameras, home security panels, sensors anddevices to the iConnect server over a WAN connection as described indetail herein. The gateway couples to the home network and/or a cellularnetwork and communicates directly with the home security panel in bothwired and wireless sensor installations. The gateway is configured to below-cost, reliable and thin so that it complements the integratedsecurity system network-based architecture.

The gateway supports various wireless protocols and can interconnectwith a wide range of home security control panels. Service providers andusers can then extend the system's capabilities by adding IP cameras,lighting modules and additional security devices. The gateway isconfigurable to be integrated into many consumer appliances, includingset-top boxes, routers and security panels. The small and efficientfootprint of the gateway enables this portability and versatility,thereby simplifying and reducing the overall cost of the deployment.

FIG. 5 is a block diagram of the gateway 102 including gateway softwareor applications, under an embodiment. The gateway software architectureis relatively thin and efficient, thereby simplifying its integrationinto other consumer appliances such as set-top boxes, routers, touchscreens and security panels. The software architecture also provides ahigh degree of security against unauthorized access. This sectiondescribes the various key components of the gateway softwarearchitecture.

The gateway application layer 302 is the main program that orchestratesthe operations performed by the gateway. The Security Engine 304provides robust protection against intentional and unintentionalintrusion into the integrated security system network from the outsideworld (both from inside the premises as well as from the WAN). TheSecurity Engine 304 of an embodiment comprises one or more sub-modulesor components that perform functions including, but not limited to, thefollowing:

-   -   Encryption including 128-bit SSL encryption for gateway and        iConnect server communication to protect user data privacy and        provide secure communication.    -   Bi-directional authentication between the gateway and iConnect        server in order to prevent unauthorized spoofing and attacks.        Data sent from the iConnect server to the gateway application        (or vice versa) is digitally signed as an additional layer of        security. Digital signing provides both authentication and        validation that the data has not been altered in transit.    -   Camera SSL encapsulation because picture and video traffic        offered by off-the-shelf networked IP cameras is not secure when        traveling over the Internet. The gateway provides for 128-bit        SSL encapsulation of the user picture and video data sent over        the internet for complete user security and privacy.    -   802.11b/g/n with WPA-2 security to ensure that wireless camera        communications always takes place using the strongest available        protection.    -   A gateway-enabled device is assigned a unique activation key for        activation with an iConnect server. This ensures that only valid        gateway-enabled devices can be activated for use with the        specific instance of iConnect server in use. Attempts to        activate gateway-enabled devices by brute force are detected by        the Security Engine. Partners deploying gateway-enabled devices        have the knowledge that only a gateway with the correct serial        number and activation key can be activated for use with an        iConnect server. Stolen devices, devices attempting to        masquerade as gateway-enabled devices, and malicious outsiders        (or insiders as knowledgeable but nefarious customers) cannot        effect other customers' gateway-enabled devices.

As standards evolve, and new encryption and authentication methods areproven to be useful, and older mechanisms proven to be breakable, thesecurity manager can be upgraded “over the air” to provide new andbetter security for communications between the iConnect server and thegateway application, and locally at the premises to remove any risk ofeavesdropping on camera communications.

A Remote Firmware Download module 306 allows for seamless and secureupdates to the gateway firmware through the iControl MaintenanceApplication on the server 104, providing a transparent, hassle-freemechanism for the service provider to deploy new features and bug fixesto the installed user base. The firmware download mechanism is tolerantof connection loss, power interruption and user interventions (bothintentional and unintentional). Such robustness reduces down time andcustomer support issues. Gateway firmware can be remotely downloadeither for one gateway at a time, a group of gateways, or in batches.

The Automations engine 308 manages the user-defined rules of interactionbetween the different devices (e.g. when door opens turn on the light).Though the automation rules are programmed and reside at theportal/server level, they are cached at the gateway level in order toprovide short latency between device triggers and actions.

DeviceConnect 310 includes definitions of all supported devices (e.g.,cameras, security panels, sensors, etc.) using a standardized plug-inarchitecture. The DeviceConnect module 310 offers an interface that canbe used to quickly add support for any new device as well as enablinginteroperability between devices that use differenttechnologies/protocols. For common device types, pre-defined sub-moduleshave been defined, making supporting new devices of these types eveneasier. SensorConnect 312 is provided for adding new sensors,CameraConnect 316 for adding IP cameras, and PanelConnect 314 for addinghome security panels.

The Schedules engine 318 is responsible for executing the user definedschedules (e.g., take a picture every five minutes; every day at 8 amset temperature to 65 degrees Fahrenheit, etc.). Though the schedulesare programmed and reside at the iConnect server level they are sent tothe scheduler within the gateway application. The Schedules Engine 318then interfaces with SensorConnect 312 to ensure that scheduled eventsoccur at precisely the desired time.

The Device Management module 320 is in charge of all discovery,installation and configuration of both wired and wireless IP devices(e.g., cameras, etc.) coupled or connected to the system. Networked IPdevices, such as those used in the integrated security system, requireuser configuration of many IP and security parameters—to simplify theuser experience and reduce the customer support burden, the devicemanagement module of an embodiment handles the details of thisconfiguration. The device management module also manages the videorouting module described below.

The video routing engine 322 is responsible for delivering seamlessvideo streams to the user with zero-configuration. Through a multi-step,staged approach the video routing engine uses a combination of UPnPport-forwarding, relay server routing and STUN/TURN peer-to-peerrouting.

FIG. 6 is a block diagram of components of the gateway 102, under anembodiment. Depending on the specific set of functionality desired bythe service provider deploying the integrated security system service,the gateway 102 can use any of a number of processors 402, due to thesmall footprint of the gateway application firmware. In an embodiment,the gateway could include the Broadcom BCM5354 as the processor forexample. In addition, the gateway 102 includes memory (e.g., FLASH 404,RAM 406, etc.) and any number of input/output (I/O) ports 408.

Referring to the WAN portion 410 of the gateway 102, the gateway 102 ofan embodiment can communicate with the iConnect server using a number ofcommunication types and/or protocols, for example Broadband 412, GPRS(or any cellular network such as 3G, LTE, etc.) 414 and/or PublicSwitched Telephone Network (PTSN) 416 to name a few. In general,broadband communication 412 is the primary means of connection betweenthe gateway 102 and the iConnect server 104 and the GPRS/CDMA/3G 414and/or PSTN 416 interfaces acts as back-up for fault tolerance in casethe user's broadband connection fails for whatever reason, but theembodiment is not so limited. In an embodiment cellular communicationsis the primary means of communications between the Gateway and theservers and CMS, but is not so limited. Referring to the LAN portion 420of the gateway 102, various protocols and physical transceivers can beused to communicate to off-the-shelf sensors and cameras. The gateway102 is protocol-agnostic and technology-agnostic and as such can easilysupport almost any device networking protocol. The gateway 102 can, forexample, support GE and Honeywell security RF protocols 422, Z-Wave 424,serial (RS232 and RS485) 426 for direct connection to security panels aswell as WiFi 428 (802.11b/g) for communication to WiFi cameras.

The integrated security system includes couplings or connections among avariety of IP devices or components, and the device management module isin charge of the discovery, installation and configuration of the IPdevices coupled or connected to the system, as described above. Theintegrated security system of an embodiment uses a “sandbox” network todiscover and manage all IP devices coupled or connected as components ofthe system. The IP devices of an embodiment include wired devices,wireless devices, cameras, interactive touchscreens, and security panelsto name a few. These devices can be wired via ethernet cable or Wifidevices, all of which are secured within the sandbox network, asdescribed below. The “sandbox” network is described in detail below.

FIG. 7 is a block diagram 500 of network or premise device integrationwith a premise network 250, under an embodiment. In an embodiment,network devices 255-257 are coupled to the gateway 102 using a securenetwork coupling or connection such as SSL over an encrypted 802.11 link(utilizing for example WPA-2 security for the wireless encryption) orZ-Wave/Zigbee RF communications. The network coupling or connectionbetween the gateway 102 and the network devices 255-257 is a privatecoupling or connection in that it is segregated from any other networkcouplings or connections. The gateway 102 is coupled to the premiserouter/firewall 252 via a coupling with a premise LAN 250. The premiserouter/firewall 252 is coupled to a broadband modem 251, and thebroadband modem 251 is coupled to a WAN 200 or other network outside thepremise. The gateway 102 thus enables or forms a separate wirelessnetwork, or sub-network, that includes some number of devices and iscoupled or connected to the LAN 250 of the host premises. The gatewaysub-network can include, but is not limited to, any number of otherdevices like WiFi IP cameras, security panels (e.g., IP-enabled),thermostats, lighting device, locks, and security touchscreens, to namea few. The gateway 102 manages or controls the sub-network separatelyfrom the LAN 250 and transfers data and information between componentsof the sub-network and the LAN 250/WAN 200, but is not so limited.Additionally, other network devices 254 can be coupled to the LAN 250without being coupled to the gateway 102.

FIG. 8 is a block diagram 600 of network or premise device integrationwith a premise network 250, under an alternative embodiment. The networkor premise devices 255-257 are coupled to the gateway 102. The networkcoupling or connection between the gateway 102 and the network devices255-257 is a private coupling or connection in that it is segregatedfrom any other network couplings or connections. The gateway 102 iscoupled or connected between the premise router/firewall 252 and thebroadband modem 251. The broadband modem 251 is coupled to a WAN 200 orother network outside the premise, while the premise router/firewall 252is coupled to a premise LAN 250. As a result of its location between thebroadband modem 251 and the premise router/firewall 252, the gateway 102can be configured or function as the premise router routing specifieddata between the outside network (e.g., WAN 200) and the premiserouter/firewall 252 of the LAN 250. As described above, the gateway 102in this configuration enables or forms a separate wireless network, orsub-network, that includes the network or premise devices 255-257 and iscoupled or connected between the LAN 250 of the host premises and theWAN 200. The gateway sub-network can include, but is not limited to, anynumber of network or premise devices 255-257 like WiFi IP cameras,security panels (e.g., IP-enabled), and security touchscreens, to name afew. The gateway 102 manages or controls the sub-network separately fromthe LAN 250 and transfers data and information between components of thesub-network and the LAN 250/WAN 200, but is not so limited.Additionally, other network devices 254 can be coupled to the LAN 250without being coupled to the gateway 102.

The examples described above with reference to FIGS. 7 and 8 arepresented only as examples of IP device integration. The integratedsecurity system is not limited to the type, number and/or combination ofIP devices shown and described in these examples, and any type, numberand/or combination of IP devices is contemplated within the scope ofthis disclosure as capable of being integrated with the premise network.

The integrated security system of an embodiment includes a touchscreen(also referred to as the iControl touchscreen or integrated securitysystem touchscreen), as described above, which provides core securitykeypad functionality, content management and presentation, and embeddedsystems design. The networked security touchscreen system of anembodiment enables a consumer or security provider to easily andautomatically install, configure and manage the security system andtouchscreen located at a customer premise. Using this system thecustomer may access and control the local security system, local IPdevices such as cameras, local sensors and control devices (such aslighting controls or pipe freeze sensors), as well as the local securitysystem panel and associated security sensors (such as door/window,motion, and smoke detectors). The customer premise may be a home,business, and/or other location equipped with a wired or wirelessbroadband IP connection.

The system of an embodiment includes a touchscreen with a configurablesoftware user interface and/or a gateway device (e.g., iHub) thatcouples or connects to a premise security panel through a wired orwireless connection, and a remote server that provides access to contentand information from the premises devices to a user when they are remotefrom the home. The touchscreen supports broadband and/or WAN wirelessconnectivity. In this embodiment, the touchscreen incorporates an IPbroadband connection (e.g., Wifi radio, Ethernet port, etc.), and/or acellular radio (e.g., GPRS/GSM, CDMA, WiMax, etc.). The touchscreendescribed herein can be used as one or more of a security systeminterface panel and a network user interface (UI) that provides aninterface to interact with a network (e.g., LAN, WAN, internet, etc.).

The touchscreen of an embodiment provides an integrated touchscreen andsecurity panel as an all-in-one device. Once integrated using thetouchscreen, the touchscreen and a security panel of a premise securitysystem become physically co-located in one device, and the functionalityof both may even be co-resident on the same CPU and memory (though thisis not required).

The touchscreen of an embodiment also provides an integrated IP videoand touchscreen UI. As such, the touchscreen supports one or morestandard video CODECs/players (e.g., H.264, Flash Video, MOV, MPEG4,M-JPEG, etc.). The touchscreen UI then provides a mechanism (such as acamera or video widget) to play video. In an embodiment the video isstreamed live from an IP video camera. In other embodiments the videocomprises video clips or photos sent from an IP camera or from a remotelocation.

The touchscreen of an embodiment provides a configurable user interfacesystem that includes a configuration supporting use as a securitytouchscreen. In this embodiment, the touchscreen utilizes a modular userinterface that allows components to be modified easily by a serviceprovider, an installer, or even the end user. Examples of such a modularapproach include using Flash widgets, HTML-based widgets, or otherdownloadable code modules such that the user interface of thetouchscreen can be updated and modified while the application isrunning. In an embodiment the touchscreen user interface modules can bedownloaded over the internet. For example, a new security configurationwidget can be downloaded from a standard web server, and the touchscreenthen loads such configuration app into memory, and inserts it in placeof the old security configuration widget. The touchscreen of anembodiment is configured to provide a self-install user interface.

Embodiments of the networked security touchscreen system describedherein include a touchscreen device with a user interface that includesa security toolbar providing one or more functions including arm,disarm, panic, medic, and alert. The touchscreen therefore includes atleast one screen having a separate region of the screen dedicated to asecurity toolbar. The security toolbar of an embodiment is present inthe dedicated region at all times that the screen is active.

The touchscreen of an embodiment includes a home screen having aseparate region of the screen allocated to managing home-basedfunctions. The home-based functions of an embodiment include managing,viewing, and/or controlling IP video cameras. In this embodiment,regions of the home screen are allocated in the form of widget icons;these widget icons (e.g. for cameras, thermostats, lighting, etc)provide functionality for managing home systems. So, for example, adisplayed camera icon, when selected, launches a Camera Widget, and theCamera widget in turn provides access to video from one or more cameras,as well as providing the user with relevant camera controls (take apicture, focus the camera, etc.)

The touchscreen of an embodiment includes a home screen having aseparate region of the screen allocated to managing, viewing, and/orcontrolling internet-based content or applications. For example, theWidget Manager UI presents a region of the home screen (up to andincluding the entire home screen) where internet widgets icons such asweather, sports, etc. may be accessed). Each of these icons may beselected to launch their respective content services.

The touchscreen of an embodiment is integrated into a premise networkusing the gateway, as described above. The gateway as described hereinfunctions to enable a separate wireless network, or sub-network, that iscoupled, connected, or integrated with another network (e.g., WAN, LANof the host premises, etc.). The sub-network enabled by the gatewayoptimizes the installation process for IP devices, like the touchscreen,that couple or connect to the sub-network by segregating these IPdevices from other such devices on the network. This segregation of theIP devices of the sub-network further enables separate security andprivacy policies to be implemented for these IP devices so that, wherethe IP devices are dedicated to specific functions (e.g., security), thesecurity and privacy policies can be tailored specifically for thespecific functions. Furthermore, the gateway and the sub-network itforms enables the segregation of data traffic, resulting in faster andmore efficient data flow between components of the host network,components of the sub-network, and between components of the sub-networkand components of the network.

The touchscreen of an embodiment includes a core functional embeddedsystem that includes an embedded operating system, required hardwaredrivers, and an open system interface to name a few. The core functionalembedded system can be provided by or as a component of a conventionalsecurity system (e.g., security system available from GE Security).These core functional units are used with components of the integratedsecurity system as described herein. Note that portions of thetouchscreen description below may include reference to a host premisesecurity system (e.g., GE security system), but these references areincluded only as an example and do not limit the touchscreen tointegration with any particular security system.

As an example, regarding the core functional embedded system, a reducedmemory footprint version of embedded Linux forms the core operatingsystem in an embodiment, and provides basic TCP/IP stack and memorymanagement functions, along with a basic set of low-level graphicsprimitives. A set of device drivers is also provided or included thatoffer low-level hardware and network interfaces. In addition to thestandard drivers, an interface to the RS 485 bus is included thatcouples or connects to the security system panel (e.g., GE Concordpanel). The interface may, for example, implement the Superbus 2000protocol, which can then be utilized by the more comprehensivetransaction-level security functions implemented in PanelConnecttechnology (e.g SetAlarmLevel (int level, int partition, char*accessCode)). Power control drivers are also provided.

FIG. 9 is a block diagram of a touchscreen 700 of the integratedsecurity system, under an embodiment. The touchscreen 700 generallyincludes an application/presentation layer 702 with a residentapplication 704, and a core engine 706. The touchscreen 700 alsoincludes one or more of the following, but is not so limited:applications of premium services 710, widgets 712, a caching proxy 714,network security 716, network interface 718, security object 720,applications supporting devices 722, PanelConnect API 724, a gatewayinterface 726, and one or more ports 728.

More specifically, the touchscreen, when configured as a home securitydevice, includes but is not limited to the following application orsoftware modules: RS 485 and/or RS-232 bus security protocols toconventional home security system panel (e.g., GE Concord panel);functional home security classes and interfaces (e.g. Panel ARM state,Sensor status, etc.); Application/Presentation layer or engine; ResidentApplication; Consumer Home Security Application; installer home securityapplication; core engine; and System bootloader/Software Updater. Thecore Application engine and system bootloader can also be used tosupport other advanced content and applications. This provides aseamless interaction between the premise security application and otheroptional services such as weather widgets or IP cameras.

An alternative configuration of the touchscreen includes a firstApplication engine for premise security and a second Application enginefor all other applications. The integrated security system applicationengine supports content standards such as HTML, XML, Flash, etc. andenables a rich consumer experience for all ‘widgets’, whethersecurity-based or not. The touchscreen thus provides service providersthe ability to use web content creation and management tools to buildand download any ‘widgets’ regardless of their functionality.

As discussed above, although the Security Applications have specificlow-level functional requirements in order to interface with the premisesecurity system, these applications make use of the same fundamentalapplication facilities as any other ‘widget’, application facilitiesthat include graphical layout, interactivity, application handoff,screen management, and network interfaces, to name a few.

Content management in the touchscreen provides the ability to leverageconventional web development tools, performance optimized for anembedded system, service provider control of accessible content, contentreliability in a consumer device, and consistency between ‘widgets’ andseamless widget operational environment. In an embodiment of theintegrated security system, widgets are created by web developers andhosted on the integrated security system Content Manager (and stored inthe Content Store database). In this embodiment the server componentcaches the widgets and offers them to consumers through the web-basedintegrated security system provisioning system. The servers interactwith the advanced touchscreen using HTTPS interfaces controlled by thecore engine and dynamically download widgets and updates as needed to becached on the touchscreen. In other embodiments widgets can be accesseddirectly over a network such as the Internet without needing to gothrough the iControl Content Manager

Referring to FIG. 9, the touchscreen system is built on a tieredarchitecture, with defined interfaces between theApplication/Presentation Layer (the Application Engine) on the top, theCore Engine in the middle, and the security panel and gateway APIs atthe lower level. The architecture is configured to provide maximumflexibility and ease of maintenance.

The application engine of the touchscreen provides the presentation andinteractivity capabilities for all applications (widgets) that run onthe touchscreen, including both core security function widgets and thirdparty content widgets. FIG. 10 is an example screenshot 800 of anetworked security touchscreen, under an embodiment. This examplescreenshot 800 includes three interfaces or user interface (UI)components 802-806, but is not so limited. A first UI 802 of thetouchscreen includes icons by which a user controls or accessesfunctions and/or components of the security system (e.g., “Main”,“Panic”, “Medic”, “Fire”, state of the premise alarm system (e.g.,disarmed, armed, etc.), etc.); the first UI 802, which is also referredto herein as a security interface, is always presented on thetouchscreen. A second UI 804 of the touchscreen includes icons by whicha user selects or interacts with services and other network content(e.g., clock, calendar, weather, stocks, news, sports, photos, maps,music, etc.) that is accessible via the touchscreen. The second UI 804is also referred to herein as a network interface or content interface.A third UI 806 of the touchscreen includes icons by which a user selectsor interacts with additional services or componets (e.g., intercomcontrol, security, cameras coupled to the system in particular regions(e.g., front door, baby, etc.) available via the touchscreen.

A component of the application engine is the Presentation Engine, whichincludes a set of libraries that implement the standards-based widgetcontent (e.g., XML, HTML, JavaScript, Flash) layout and interactivity.This engine provides the widget with interfaces to dynamically load bothgraphics and application logic from third parties, support high leveldata description language as well as standard graphic formats. The setof web content-based functionality available to a widget developer isextended by specific touchscreen functions implemented as local webservices by the Core Engine.

The resident application of the touchscreen is the master service thatcontrols the interaction of all widgets in the system, and enforces thebusiness and security rules required by the service provider. Forexample, the resident application determines the priority of widgets,thereby enabling a home security widget to override resource requestsfrom a less critical widget (e.g. a weather widget). The residentapplication also monitors widget behavior, and responds to client orserver requests for cache updates.

The core engine of the touchscreen manages interaction with othercomponents of the integrated security system, and provides an interfacethrough which the resident application and authorized widgets can getinformation about the home security system, set alarms, install sensors,etc. At the lower level, the Core Engine's main interactions are throughthe PanelConnect API, which handles all communication with the securitypanel, and the gateway Interface, which handles communication with thegateway. In an embodiment, both the iHub Interface and PanelConnect APIare resident and operating on the touchscreen. In another embodiment,the PanelConnect API runs on the gateway or other device that providessecurity system interaction and is accessed by the touchscreen through aweb services interface.

The Core Engine also handles application and service level persistentand cached memory functions, as well as the dynamic provisioning ofcontent and widgets, including but not limited to: flash memorymanagement, local widget and content caching, widget version management(download, cache flush new/old content versions), as well as the cachingand synchronization of user preferences. As a portion of these servicesthe Core engine incorporates the bootloader functionality that isresponsible for maintaining a consistent software image on thetouchscreen, and acts as the client agent for all software updates. Thebootloader is configured to ensure full update redundancy so thatunsuccessful downloads cannot corrupt the integrated security system.

Video management is provided as a set of web services by the CoreEngine. Video management includes the retrieval and playback of localvideo feeds as well as remote control and management of cameras (allthrough iControl CameraConnect technology).

Both the high level application layer and the mid-level core engine ofthe touchscreen can make calls to the network. Any call to the networkmade by the application layer is automatically handed off to a localcaching proxy, which determines whether the request should be handledlocally. Many of the requests from the application layer are webservices API requests; although such requests could be satisfied by theiControl servers, they are handled directly by the touchscreen and thegateway. Requests that get through the caching proxy are checked againsta white list of acceptable sites, and, if they match, are sent offthrough the network interface to the gateway. Included in the NetworkSubsystem is a set of network services including HTTP, HTTPS, andserver-level authentication functions to manage the secure client-serverinterface. Storage and management of certificates is incorporated as apart of the network services layer.

Server components of the integrated security system servers supportinteractive content services on the touchscreen. These server componentsinclude, but are not limited to the content manager, registry manager,network manager, and global registry, each of which is described herein.

The Content Manager oversees aspects of handling widget data and rawcontent on the touchscreen. Once created and validated by the serviceprovider, widgets are ‘ingested’ to the Content Manager, and then becomeavailable as downloadable services through the integrated securitysystem Content Management APIs. The Content manager maintains versionsand timestamp information, and connects to the raw data contained in thebackend Content Store database. When a widget is updated (or new contentbecomes available) all clients registering interest in a widget aresystematically updated as needed (a process that can be configured at anaccount, locale, or system-wide level).

The Registry Manager handles user data, and provisioning accounts,including information about widgets the user has decided to install, andthe user preferences for these widgets.

The Network Manager handles getting and setting state for all devices onthe integrated security system network (e.g., sensors, panels, cameras,etc.). The Network manager synchronizes with the gateway, the advancedtouchscreen, and the subscriber database.

The Global Registry is a primary starting point server for all clientservices, and is a logical referral service that abstracts specificserver locations/addresses from clients (touchscreen, gateway 102,desktop widgets, etc.). This approach enables easy scaling/migration ofserver farms.

The touchscreen of an embodiment operates wirelessly with a premisesecurity system. The touchscreen of an embodiment incorporates an RFtransceiver component that either communicates directly with the sensorsand/or security panel over the panel's proprietary RF frequency, or thetouchscreen communicates wirelessly to the gateway over 802.11,Ethernet, or other IP-based communications channel, as described indetail herein. In the latter case the gateway implements thePanelConnect interface and communicates directly to the security paneland/or sensors over wireless or wired networks as described in detailabove.

The touchscreen of an embodiment is configured to operate with multiplesecurity systems through the use of an abstracted security systeminterface. In this embodiment, the PanelConnect API can be configured tosupport a plurality of proprietary security system interfaces, eithersimultaneously or individually as described herein. In one embodiment ofthis approach, the touchscreen incorporates multiple physical interfacesto security panels (e.g. GE Security RS-485, Honeywell RF, etc.) inaddition to the PanelConnect API implemented to support multiplesecurity interfaces. The change needed to support this in PanelConnectis a configuration parameter specifying the panel type connection thatis being utilized.

So for example, the setARMState( ) function is called with an additionalparameter (e.g., Armstate=setARMState(type=“ARM STAY|ARM AWAY|DISARM”,Parameters=“ExitDelay=30|Lights=OFF”, panelType=“GE Concord4 RS485”)).The ‘panelType’ parameter is used by the setARMState function (and inpractice by all of the PanelConnect functions) to select an algorithmappropriate to the specific panel out of a plurality of alogorithms.

The touchscreen of an embodiment is self-installable. Consequently, thetouchscreen provides a ‘wizard’ approach similar to that used intraditional computer installations (e.g. InstallShield). The wizard canbe resident on the touchscreen, accessible through a web interface, orboth. In one embodiment of a touchscreen self-installation process, theservice provider can associate devices (sensors, touchscreens, securitypanels, lighting controls, etc.) remotely using a web-basedadministrator interface.

The touchscreen of an embodiment includes a battery backup system for asecurity touchscreen. The touchscreen incorporates a standard Li-ion orother battery and charging circuitry to allow continued operation in theevent of a power outage. In an embodiment the battery is physicallylocated and connected within the touchscreen enclosure. In anotherembodiment the battery is located as a part of the power transformer, orin between the power transformer and the touchscreen.

The example configurations of the integrated security system describedabove with reference to FIGS. 7 and 8 include a gateway that is aseparate device, and the touchscreen couples to the gateway. However, inan alternative embodiment, the gateway device and its functionality canbe incorporated into the touchscreen so that the device managementmodule, which is now a component of or included in the touchscreen, isin charge of the discovery, installation and configuration of the IPdevices coupled or connected to the system, as described above. Theintegrated security system with the integrated touchscreen/gateway usesthe same “sandbox” network to discover and manage all IP devices coupledor connected as components of the system.

The touchscreen of this alternative embodiment integrates the componentsof the gateway with the components of the touchscreen as describedherein. More specifically, the touchscreen of this alternativeembodiment includes software or applications described above withreference to FIG. 5. In this alternative embodiment, the touchscreenincludes the gateway application layer 302 as the main program thatorchestrates the operations performed by the gateway. A Security Engine304 of the touchscreen provides robust protection against intentionaland unintentional intrusion into the integrated security system networkfrom the outside world (both from inside the premises as well as fromthe WAN). The Security Engine 304 of an embodiment comprises one or moresub-modules or components that perform functions including, but notlimited to, the following:

-   -   Encryption including 128-bit SSL encryption for gateway and        iConnect server communication to protect user data privacy and        provide secure communication.    -   Bi-directional authentication between the touchscreen and        iConnect server in order to prevent unauthorized spoofing and        attacks. Data sent from the iConnect server to the gateway        application (or vice versa) is digitally signed as an additional        layer of security. Digital signing provides both authentication        and validation that the data has not been altered in transit.    -   Camera SSL encapsulation because picture and video traffic        offered by off-the-shelf networked IP cameras is not secure when        traveling over the Internet. The touchscreen provides for        128-bit SSL encapsulation of the user picture and video data        sent over the internet for complete user security and privacy.    -   802.11b/g/n with WPA-2 security to ensure that wireless camera        communications always takes place using the strongest available        protection.    -   A touchscreen-enabled device is assigned a unique activation key        for activation with an iConnect server. This ensures that only        valid gateway-enabled devices can be activated for use with the        specific instance of iConnect server in use. Attempts to        activate gateway-enabled devices by brute force are detected by        the Security Engine. Partners deploying touchscreen-enabled        devices have the knowledge that only a gateway with the correct        serial number and activation key can be activated for use with        an iConnect server. Stolen devices, devices attempting to        masquerade as gateway-enabled devices, and malicious outsiders        (or insiders as knowledgeable but nefarious customers) cannot        effect other customers' gateway-enabled devices.

As standards evolve, and new encryption and authentication methods areproven to be useful, and older mechanisms proven to be breakable, thesecurity manager can be upgraded “over the air” to provide new andbetter security for communications between the iConnect server and thegateway application, and locally at the premises to remove any risk ofeavesdropping on camera communications.

A Remote Firmware Download module 306 of the touchscreen allows forseamless and secure updates to the gateway firmware through the iControlMaintenance Application on the server 104, providing a transparent,hassle-free mechanism for the service provider to deploy new featuresand bug fixes to the installed user base. The firmware downloadmechanism is tolerant of connection loss, power interruption and userinterventions (both intentional and unintentional). Such robustnessreduces down time and customer support issues. Touchscreen firmware canbe remotely download either for one touchscreen at a time, a group oftouchscreen, or in batches.

The Automations engine 308 of the touchscreen manages the user-definedrules of interaction between the different devices (e.g. when door opensturn on the light). Though the automation rules are programmed andreside at the portal/server level, they are cached at the gateway levelin order to provide short latency between device triggers and actions.

DeviceConnect 310 of the touchscreen touchscreen includes definitions ofall supported devices (e.g., cameras, security panels, sensors, etc.)using a standardized plug-in architecture. The DeviceConnect module 310offers an interface that can be used to quickly add support for any newdevice as well as enabling interoperability between devices that usedifferent technologies/protocols. For common device types, pre-definedsub-modules have been defined, making supporting new devices of thesetypes even easier. SensorConnect 312 is provided for adding new sensors,CameraConnect 316 for adding IP cameras, and PanelConnect 314 for addinghome security panels.

The Schedules engine 318 of the touchscreen is responsible for executingthe user defined schedules (e.g., take a picture every five minutes;every day at 8 am set temperature to 65 degrees Fahrenheit, etc.).Though the schedules are programmed and reside at the iConnect serverlevel they are sent to the scheduler within the gateway application ofthe touchscreen. The Schedules Engine 318 then interfaces withSensorConnect 312 to ensure that scheduled events occur at precisely thedesired time.

The Device Management module 320 of the touchscreen is in charge of alldiscovery, installation and configuration of both wired and wireless IPdevices (e.g., cameras, etc.) coupled or connected to the system.Networked IP devices, such as those used in the integrated securitysystem, require user configuration of many IP and security parameters,and the device management module of an embodiment handles the details ofthis configuration. The device management module also manages the videorouting module described below.

The video routing engine 322 of the touchscreen is responsible fordelivering seamless video streams to the user with zero-configuration.Through a multi-step, staged approach the video routing engine uses acombination of UPnP port-forwarding, relay server routing and STUN/TURNpeer-to-peer routing. The video routing engine is described in detail inthe Related Applications.

FIG. 11 is a block diagram 900 of network or premise device integrationwith a premise network 250, under an embodiment. In an embodiment,network devices 255, 256, 957 are coupled to the touchscreen 902 using asecure network connection such as SSL over an encrypted 802.11 link(utilizing for example WPA-2 security for the wireless encryption), andthe touchscreen 902 coupled to the premise router/firewall 252 via acoupling with a premise LAN 250. The premise router/firewall 252 iscoupled to a broadband modem 251, and the broadband modem 251 is coupledto a WAN 200 or other network outside the premise. The touchscreen 902thus enables or forms a separate wireless network, or sub-network, thatincludes some number of devices and is coupled or connected to the LAN250 of the host premises. The touchscreen sub-network can include, butis not limited to, any number of other devices like WiFi IP cameras,security panels (e.g., IP-enabled), and IP devices, to name a few. Thetouchscreen 902 manages or controls the sub-network separately from theLAN 250 and transfers data and information between components of thesub-network and the LAN 250/WAN 200, but is not so limited.Additionally, other network devices 254 can be coupled to the LAN 250without being coupled to the touchscreen 902.

FIG. 12 is a block diagram 1000 of network or premise device integrationwith a premise network 250, under an alternative embodiment. The networkor premise devices 255, 256, 1057 are coupled to the touchscreen 1002,and the touchscreen 1002 is coupled or connected between the premiserouter/firewall 252 and the broadband modem 251. The broadband modem 251is coupled to a WAN 200 or other network outside the premise, while thepremise router/firewall 252 is coupled to a premise LAN 250. As a resultof its location between the broadband modem 251 and the premiserouter/firewall 252, the touchscreen 1002 can be configured or functionas the premise router routing specified data between the outside network(e.g., WAN 200) and the premise router/firewall 252 of the LAN 250. Asdescribed above, the touchscreen 1002 in this configuration enables orforms a separate wireless network, or sub-network, that includes thenetwork or premise devices 255, 156, 1057 and is coupled or connectedbetween the LAN 250 of the host premises and the WAN 200. Thetouchscreen sub-network can include, but is not limited to, any numberof network or premise devices 255, 256, 1057 like WiFi IP cameras,security panels (e.g., IP-enabled), and security touchscreens, to name afew. The touchscreen 1002 manages or controls the sub-network separatelyfrom the LAN 250 and transfers data and information between componentsof the sub-network and the LAN 250/WAN 200, but is not so limited.Additionally, other network devices 254 can be coupled to the LAN 250without being coupled to the touchscreen 1002.

The gateway of an embodiment, whether a stand-along component orintegrated with a touchscreen, enables couplings or connections and thusthe flow or integration of information between various components of thehost premises and various types and/or combinations of IP devices, wherethe components of the host premises include a network (e.g., LAN) and/ora security system or subsystem to name a few. Consequently, the gatewaycontrols the association between and the flow of information or databetween the components of the host premises. For example, the gateway ofan embodiment forms a sub-network coupled to another network (e.g., WAN,LAN, etc.), with the sub-network including IP devices. The gatewayfurther enables the association of the IP devices of the sub-networkwith appropriate systems on the premises (e.g., security system, etc.).Therefore, for example, the gateway can form a sub-network of IP devicesconfigured for security functions, and associate the sub-network onlywith the premises security system, thereby segregating the IP devicesdedicated to security from other IP devices that may be coupled toanother network on the premises.

The gateway of an embodiment, as described herein, enables couplings orconnections and thus the flow of information between various componentsof the host premises and various types and/or combinations of IPdevices, where the components of the host premises include a network, asecurity system or subsystem to name a few. Consequently, the gatewaycontrols the association between and the flow of information or databetween the components of the host premises. For example, the gateway ofan embodiment forms a sub-network coupled to another network (e.g., WAN,LAN, etc.), with the sub-network including IP devices. The gatewayfurther enables the association of the IP devices of the sub-networkwith appropriate systems on the premises (e.g., security system, etc.).Therefore, for example, the gateway can form a sub-network of IP devicesconfigured for security functions, and associate the sub-network onlywith the premises security system, thereby segregating the IP devicesdedicated to security from other IP devices that may be coupled toanother network on the premises.

FIG. 13 is a flow diagram for a method 1100 of forming a securitynetwork including integrated security system components, under anembodiment. Generally, the method comprises coupling 1102 a gatewaycomprising a connection management component to a local area network ina first location and a security server in a second location. The methodcomprises forming 1104 a security network by automatically establishinga wireless coupling between the gateway and a security system using theconnection management component. The security system of an embodimentcomprises security system components located at the first location. Themethod comprises integrating 1106 communications and functions of thesecurity system components into the security network via the wirelesscoupling.

FIG. 14 is a flow diagram for a method 1200 of forming a securitynetwork including integrated security system components and networkdevices, under an embodiment. Generally, the method comprises coupling1202 a gateway to a local area network located in a first location and asecurity server in a second location. The method comprises automaticallyestablishing 1204 communications between the gateway and security systemcomponents at the first location, the security system including thesecurity system components. The method comprises automaticallyestablishing 1206 communications between the gateway and premise devicesat the first location. The method comprises forming 1208 a securitynetwork by electronically integrating, via the gateway, communicationsand functions of the premise devices and the security system components.

In an example embodiment, FIG. 15 is a flow diagram 1300 for integrationor installation of an IP device into a private network environment,under an embodiment. The IP device includes any IP-capable device which,for example, includes the touchscreen of an embodiment. The variables ofan embodiment set at time of installation include, but are not limitedto, one or more of a private SSID/Password, a gateway identifier, asecurity panel identifier, a user account TS, and a Central MonitoringStation account identification.

An embodiment of the IP device discovery and management begins with auser or installer activating 1302 the gateway and initiating 1304 theinstall mode of the system. This places the gateway in an install mode.Once in install mode, the gateway shifts to a default (Install) Wificonfiguration. This setting will match the default setting for otherintegrated security system-enabled devices that have been pre-configuredto work with the integrated security system. The gateway will then beginto provide 1306 DHCP addresses for these IP devices. Once the deviceshave acquired a new DHCP address from the gateway, those devices areavailable for configuration into a new secured Wifi network setting.

The user or installer of the system selects 1308 all devices that havebeen identified as available for inclusion into the integrated securitysystem. The user may select these devices by their unique IDs via a webpage, Touchscreen, or other client interface. The gateway provides 1310data as appropriate to the devices. Once selected, the devices areconfigured 1312 with appropriate secured Wifi settings, including SSIDand WPA/WPA-2 keys that are used once the gateway switches back to thesecured sandbox configuration from the “Install” settings. Othersettings are also configured as appropriate for that type of device.Once all devices have been configured, the user is notified and the usercan exit install mode. At this point all devices will have beenregistered 1314 with the integrated security system servers.

The installer switches 1316 the gateway to an operational mode, and thegateway instructs or directs 1318 all newly configured devices to switchto the “secured” Wifi sandbox settings. The gateway then switches 1320to the “secured” Wifi settings. Once the devices identify that thegateway is active on the “secured” network, they request new DHCPaddresses from the gateway which, in response, provides 1322 the newaddresses. The devices with the new addresses are then operational 1324on the secured network.

In order to ensure the highest level of security on the secured network,the gateway can create or generate a dynamic network securityconfiguration based on the unique ID and private key in the gateway,coupled with a randomizing factor that can be based on online time orother inputs. This guarantees the uniqueness of the gateway securednetwork configuration.

To enable the highest level of performance, the gateway analyzes the RFspectrum of the 802.11x network and determines which frequencyband/channel it should select to run.

An alternative embodiment of the camera/IP device management processleverages the local ethernet connection of the sandbox network on thegateway. This alternative process is similar to the Wifi discoveryembodiment described above, except the user connects the targeted deviceto the ethernet port of the sandbox network to begin the process. Thisalternative embodiment accommodates devices that have not beenpre-configured with the default “Install” configuration for theintegrated security system.

This alternative embodiment of the IP device discovery and managementbegins with the user/installer placing the system into install mode. Theuser is instructed to attach an IP device to be installed to the sandboxEthernet port of the gateway. The IP device requests a DHCP address fromthe gateway which, in response to the request, provides the address. Theuser is presented the device and is asked if he/she wants to install thedevice. If yes, the system configures the device with the secured Wifisettings and other device-specific settings (e.g., camera settings forvideo length, image quality etc.). The user is next instructed todisconnect the device from the ethernet port. The device is nowavailable for use on the secured sandbox network.

FIG. 16 is a block diagram showing communications among integrated IPdevices of the private network environment, under an embodiment. The IPdevices of this example include a security touchscreen 1403, gateway1402 (e.g., “iHub”), and security panel (e.g., “Security Panel 1”,“Security Panel 2”, “Security Panel n”), but the embodiment is not solimited. In alternative embodiments any number and/or combination ofthese three primary component types may be combined with othercomponents including IP devices and/or security system components. Forexample, a single device which comprises an integrated gateway,touchscreen, and security panel is merely another embodiment of theintegrated security system described herein. The description thatfollows includes an example configuration that includes a touchscreenhosting particular applications. However, the embodiment is not limitedto the touchscreen hosting these applications, and the touchscreenshould be thought of as representing any IP device.

Referring to FIG. 16, the touchscreen 1403 incorporates an application1410 that is implemented as computer code resident on the touchscreenoperating system, or as a web-based application running in a browser, oras another type of scripted application (e.g., Flash, Java, VisualBasic, etc.). The touchscreen core application 1410 represents thisapplication, providing user interface and logic for the end user tomanage their security system or to gain access to networked informationor content (Widgets). The touchscreen core application 1410 in turnaccesses a library or libraries of functions to control the localhardware (e.g. screen display, sound, LEDs, memory, etc.) as well asspecialized librarie(s) to couple or connect to the security system.

In an embodiment of this security system connection, the touchscreen1403 communicates to the gateway 1402, and has no direct communicationwith the security panel. In this embodiment, the touchscreen coreapplication 1410 accesses the remote service APIs 1412 which providesecurity system functionality (e.g. ARM/DISARM panel, sensor state,get/set panel configuration parameters, initiate or get alarm events,etc.). In an embodiment, the remote service APIs 1412 implement one ormore of the following functions, but the embodiment is not so limited:Armstate=setARMState(type=“ARM STAY|ARM AWAY|DISARM”,Parameters=“ExitDelay=30|Lights=OFF”);sensorState=getSensors(type=“ALL|SensorName|SensorNameList”);result=setSensorState(SensorName, parameters=“Option1, Options2, . . .Option n”); interruptHandler=SensorEvent( ) and,interruptHandler=alarmEvent( ).

Functions of the remote service APIs 1412 of an embodiment use a remotePanelConnect API 1424 which which resides in memory on the gateway 1402.The touchscreen 1403 communicates with the gateway 1402 through asuitable network interface such as an Ethernet or 802.11 RF connection,for example. The remote PanelConnect API 1424 provides the underlyingSecurity System Interfaces 1426 used to communicate with and control oneor more types of security panel via wired link 1430 and/or RF link 3.The PanelConnect API 1224 provides responses and input to the remoteservices APIs 1426, and in turn translates function calls and data toand from the specific protocols and functions supported by a specificimplementation of a Security Panel (e.g. a GE Security Simon XT orHoneywell Vista 20P). In an embodiment, the PanelConnect API 1224 uses a345 MHz RF transceiver or receiver hardware/firmware module tocommunicate wirelessly to the security panel and directly to a set of345 MHz RF-enabled sensors and devices, but the embodiment is not solimited.

The gateway of an alternative embodiment communicates over a wiredphysical coupling or connection to the security panel using the panel'sspecific wired hardware (bus) interface and the panel's bus-levelprotocol.

In an alternative embodiment, the Touchscreen 1403 implements the samePanelConnect API 1414 locally on the Touchscreen 1403, communicatingdirectly with the Security Panel 2 and/or Sensors 2 over the proprietaryRF link or over a wired link for that system. In this embodiment theTouchscreen 1403, instead of the gateway 1402, incorporates the 345 MHzRF transceiver to communicate directly with Security Panel 2 or Sensors2 over the RF link 2. In the case of a wired link the Touchscreen 1403incorporates the real-time hardware (e.g. a PIC chip and RS232-variantserial link) to physically connect to and satisfy the specific bus-leveltiming requirements of the SecurityPanel2.

In yet another alternative embodiment, either the gateway 1402 or theTouchscreen 1403 implements the remote service APIs. This embodimentincludes a SPIM device, as described in detail herein, which comprisesbut is not limited to a processor (suitable for handling 802.11protocols and processing, as well as the bus timing requirements ofSecurityPanel1), an 802.11 (WiFi) client IP interface chip, and a serialbus interface chip that implements variants of RS232 or RS485, dependingon the specific Security Panel.

The SPIM also implements the full PanelConnect APIs such that it canperform the same functions as the case where the gateway implements thePanelConnect APIs. In this embodiment, the touchscreen core application1410 calls functions in the remote service APIs 1412 (such assetArmState( ). These functions in turn couple or connect to the remoteSPIM through a standard IP connection (“SPIM IP Link”) (e.g., Ethernet,Homeplug, the gateway's proprietary Wifi network, etc.). The SPIM inturn implements the PanelConnect API, which responds to the request fromthe touchscreen core application, and performs the appropriate functionusing the proprietary panel interface. This interface uses either thewireless or wired proprietary protocol for the specific security paneland/or sensors.

FIG. 17 is a flow diagram of a method of integrating an external controland management application system with an existing security system,under an embodiment. Operations begin when the system is powered on1510, involving at a minimum the power-on of the gateway device, andoptionally the power-on of the connection between the gateway device andthe remote servers. The gateway device initiates 1520 a software and RFsequence to locate the extant security system. The gateway and installerinitiate and complete 1530 a sequence to ‘learn’ the gateway into thesecurity system as a valid and authorized control device. The gatewayinitiates 1540 another software and RF sequence of instructions todiscover and learn the existence and capabilities of existing RF deviceswithin the extant security system, and store this information in thesystem. These operations under the system of an embodiment are describedin further detail below.

Unlike conventional systems that extend an existing security system, thesystem of an embodiment operates utilizing the proprietary wirelessprotocols of the security system manufacturer. In one illustrativeembodiment, the gateway is an embedded computer with an IP LAN and WANconnection and a plurality of RF transceivers and software protocolmodules capable of communicating with a plurality of security systemseach with a potentially different RF and software protocol interface.After the gateway has completed the discovery and learning 1540 ofsensors and has been integrated 1550 as a virtual control device in theextant security system, the system becomes operational. Thus, thesecurity system and associated sensors are presented 1550 as accessibledevices to a potential plurality of user interface subsystems.

The system of an embodiment integrates 1560 the functionality of theextant security system with other non-security devices including but notlimited to IP cameras, touchscreens, lighting controls, door lockingmechanisms, which may be controlled via RF, wired, or powerline-basednetworking mechanisms supported by the gateway or servers.

The system of an embodiment provides a user interface subsystem 1570enabling a user to monitor, manage, and control the system andassociated sensors and security systems. In an embodiment of the system,a user interface subsystem is an HTML/XML/Javascript/Java/AJAX/Flashpresentation of a monitoring and control application, enabling users toview the state of all sensors and controllers in the extant securitysystem from a web browser or equivalent operating on a computer, PDA,mobile phone, or other consumer device.

In another illustrative embodiment of the system described herein, auser interface subsystem is an HTML/XML/Javascript/Java/AJAXpresentation of a monitoring and control application, enabling users tocombine the monitoring and control of the extant security system andsensors with the monitoring and control of non-security devicesincluding but not limited to IP cameras, touchscreens, lightingcontrols, door locking mechanisms.

In another illustrative embodiment of the system described herein, auser interface subsystem is a mobile phone application enabling users tomonitor and control the extant security system as well as othernon-security devices.

In another illustrative embodiment of the system described herein, auser interface subsystem is an application running on a keypad ortouchscreen device enabling users to monitor and control the extantsecurity system as well as other non-security devices.

In another illustrative embodiment of the system described herein, auser interface subsystem is an application operating on a TV or set-topbox connected to a TV enabling users to monitor and control the extantsecurity system as well as other non-security devices.

FIG. 18 is a block diagram of an integrated security system 1600wirelessly interfacing to proprietary security systems, under anembodiment. A security system 1610 is coupled or connected to a Gateway1620, and from Gateway 1620 coupled or connected to a plurality ofinformation and content sources across a network 1630 including one ormore web servers 1640, system databases 1650, and applications servers1660. While in one embodiment network 1630 is the Internet, includingthe World Wide Web, those of skill in the art will appreciate thatnetwork 1630 may be any type of network, such as an intranet, anextranet, a virtual private network (VPN), a mobile network, or anon-TCP/IP based network.

Moreover, other elements of the system of an embodiment may beconventional, well-known elements that need not be explained in detailherein. For example, security system 1610 could be any type home orbusiness security system, such devices including but not limited to astandalone RF home security system or a non-RF-capable wired homesecurity system with an add-on RF interface module. In the integratedsecurity system 1600 of this example, security system 1610 includes anRF-capable wireless security panel (WSP) 1611 that acts as the mastercontroller for security system 1610. Well-known examples of such a WSPinclude the GE Security Concord, Networx, and Simon panels, theHoneywell Vista and Lynx panels, and similar panels from DSC and Napco,to name a few. A wireless module 1614 includes the RF hardware andprotocol software necessary to enable communication with and control ofa plurality of wireless devices 1613. WSP 1611 may also manage wireddevices 1614 physically connected to WSP 1611 with an RS232 or RS485 orEthernet connection or similar such wired interface.

In an implementation consistent with the systems and methods describedherein, Gateway 1620 provides the interface between security system 1610and LAN and/or WAN for purposes of remote control, monitoring, andmanagement. Gateway 1620 communicates with an external web server 1640,database 1650, and application server 1660 over network 1630 (which maycomprise WAN, LAN, or a combination thereof). In this example system,application logic, remote user interface functionality, as well as userstate and account are managed by the combination of these remoteservers. Gateway 1620 includes server connection manager 1621, asoftware interface module responsible for all server communication overnetwork 1630. Event manager 1622 implements the main event loop forGateway 1620, processing events received from device manager 1624(communicating with non-security system devices including but notlimited to IP cameras, wireless thermostats, or remote door locks).Event manager 1622 further processes events and control messages fromand to security system 1610 by utilizing WSP manager 1623.

WSP manager 1623 and device manager 1624 both rely upon wirelessprotocol manager 1626 which receives and stores the proprietary orstandards-based protocols required to support security system 1610 aswell as any other devices interfacing with gateway 1620. WSP manager1623 further utilizes the comprehensive protocols and interfacealgorithms for a plurality of security systems 1610 stored in the WSP DBclient database associated with wireless protocol manager 1626. Thesevarious components implement the software logic and protocols necessaryto communicate with and manager devices and security systems 1610.Wireless Transceiver hardware modules 1625 are then used to implementthe physical RF communications link to such devices and security systems1610. An illustrative wireless transceiver 1625 is the GE SecurityDialog circuit board, implementing a 319.5 MHz two-way RF transceivermodule. In this example, RF Link 1670 represents the 319.5 MHz RFcommunication link, enabling gateway 1620 to monitor and control WSP1611 and associated wireless and wired devices 1613 and 1614,respectively.

In one embodiment, server connection manager 1621 requests and receivesa set of wireless protocols for a specific security system 1610 (anillustrative example being that of the GE Security Concord panel andsensors) and stores them in the WSP DB portion of the wireless protocolmanager 1626. WSP manager 1623 then utilizes such protocols fromwireless protocol manager 1626 to initiate the sequence of processesdetailed in FIG. 17 and FIG. 18 for learning gateway 1620 into securitysystem 1610 as an authorized control device. Once learned in, asdescribed with reference to FIG. 18 (and above), event manager 1622processes all events and messages detected by the combination of WSPmanager 1623 and the GE Security wireless transceiver module 1625.

In another embodiment, gateway 1620 incorporates a plurality of wirelesstransceivers 1625 and associated protocols managed by wireless protocolmanager 1626. In this embodiment events and control of multipleheterogeneous devices may be coordinated with WSP 1611, wireless devices1613, and wired devices 1614. For example a wireless sensor from onemanufacturer may be utilized to control a device using a differentprotocol from a different manufacturer.

In another embodiment, gateway 1620 incorporates a wired interface tosecurity system 1610, and incorporates a plurality of wirelesstransceivers 1625 and associated protocols managed by wireless protocolmanager 1626. In this embodiment events and control of multipleheterogeneous devices may be coordinated with WSP 1611, wireless devices1613, and wired devices 1614.

Of course, while an illustrative embodiment of an architecture of thesystem of an embodiment is described in detail herein with respect toFIG. 18, one of skill in the art will understand that modifications tothis architecture may be made without departing from the scope of thedescription presented herein. For example, the functionality describedherein may be allocated differently between client and server, oramongst different server or processor-based components. Likewise, theentire functionality of the gateway 1620 described herein could beintegrated completely within an existing security system 1610. In suchan embodiment, the architecture could be directly integrated with asecurity system 1610 in a manner consistent with the currently describedembodiments.

FIG. 19 is a flow diagram for wirelessly ‘learning’ the Gateway into anexisting security system and discovering extant sensors, under anembodiment. The learning interfaces gateway 1620 with security system1610. Gateway 1620 powers up 1710 and initiates software sequences 1720and 1725 to identify accessible WSPs 1611 and wireless devices 1613,respectively (e.g., one or more WSPs and/or devices within range ofgateway 1620). Once identified, WSP 1611 is manually or automaticallyset into ‘learn mode’ 1730, and gateway 1620 utilizes availableprotocols to add 1740 itself as an authorized control device in securitysystem 1610. Upon successful completion of this task, WSP 1611 ismanually or automatically removed from ‘learn mode’ 1750.

Gateway 1620 utilizes the appropriate protocols to mimic 1760 the firstidentified device 1614. In this operation gateway 1620 identifies itselfusing the unique or pseudo-unique identifier of the first found device1614, and sends an appropriate change of state message over RF Link1670. In the event that WSP 1611 responds to this change of statemessage, the device 1614 is then added 1770 to the system in database1650. Gateway 1620 associates 1780 any other information (such as zonename or token-based identifier) with this device 1614 in database 1650,enabling gateway 1620, user interface modules, or any application toretrieve this associated information.

In the event that WSP 1611 does not respond to the change of statemessage, the device 1614 is not added 1770 to the system in database1650, and this device 1614 is identified as not being a part of securitysystem 1610 with a flag, and is either ignored or added as anindependent device, at the discretion of the system provisioning rules.Operations hereunder repeat 1785 operations 1760, 1770, 1780 for alldevices 1614 if applicable. Once all devices 1614 have been tested inthis way, the system begins operation 1790.

In another embodiment, gateway 1620 utilizes a wired connection to WSP1611, but also incorporates a wireless transceiver 1625 to communicatedirectly with devices 1614. In this embodiment, operations under 1720above are removed, and operations under 1740 above are modified so thesystem of this embodiment utilizes wireline protocols to add itself asan authorized control device in security system 1610.

A description of an example embodiment follows in which the Gateway(FIG. 18, element 1620) is the iHub available from iControl Networks,Palo Alto, Calif., and described in detail herein. In this example thegateway is “automatically” installed with a security system.

The automatic security system installation begins with the assignment ofan authorization key to components of the security system (e.g.,gateway, kit including the gateway, etc.). The assignment of anauthorization key is done in lieu of creating a user account. Aninstaller later places the gateway in a user's premises along with thepremises security system. The installer uses a computer to navigate to aweb portal (e.g., integrated security system web interface), logs in tothe portal, and enters the authorization key of the installed gatewayinto the web portal for authentication. Once authenticated, the gatewayautomatically discovers devices at the premises (e.g., sensors, cameras,light controls, etc.) and adds the discovered devices to the system or“network”. The installer assigns names to the devices, and testsoperation of the devices back to the server (e.g., did the door open,did the camera take a picture, etc.). The security device information isoptionally pushed or otherwise propagated to a security panel and/or tothe server network database. The installer finishes the installation,and instructs the end user on how to create an account, username, andpassword. At this time the user enters the authorization key whichvalidates the account creation (uses a valid authorization key toassociate the network with the user's account). New devices maysubsequently be added to the security network in a variety of ways(e.g., user first enters a unique ID for each device/sensor and names itin the server, after which the gateway can automatically discover andconfigure the device).

A description of another example embodiment follows in which thesecurity system (FIG. 18, element 1610) is a Dialog system and the WSP(FIG. 18, element 1611) is a SimonXT available from General ElectricSecurity, and the Gateway (FIG. 18, element 1620) is the iHub availablefrom iControl Networks, Palo Alto, Calif., and described in detailherein. Descriptions of the install process for the SimonXT and iHub arealso provided below.

GE Security's Dialog network is one of the most widely deployed andtested wireless security systems in the world. The physical RF networkis based on a 319.5 MHz unlicensed spectrum, with a bandwidth supportingup to 19 Kbps communications. Typical use of this bandwidth—even inconjunction with the integrated security system—is far less than that.Devices on this network can support either one-way communication (eithera transmitter or a receiver) or two-way communication (a transceiver).Certain GE Simon, Simon XT, and Concord security control panelsincorporate a two-way transceiver as a standard component. The gatewayalso incorporates the same two-way transceiver card. The physical linklayer of the network is managed by the transceiver module hardware andfirmware, while the coded payload bitstreams are made available to theapplication layer for processing.

Sensors in the Dialog network typically use a 60-bit protocol forcommunicating with the security panel transceiver, while security systemkeypads and the gateway use the encrypted 80-bit protocol. The Dialognetwork is configured for reliability, as well as low-power usage. Manydevices are supervised, i.e. they are regularly monitored by the system‘master’ (typically a GE security panel), while still maintainingexcellent power usage characteristics. A typical door window sensor hasa battery life in excess of 5-7 years.

The gateway has two modes of operation in the Dialog network: a firstmode of operation is when the gateway is configured or operates as a‘slave’ to the GE security panel; a second mode of operation is when thegateway is configured or operates as a ‘master’ to the system in theevent a security panel is not present. In both configurations, thegateway has the ability to ‘listen’ to network traffic, enabling thegateway to continually keep track of the status of all devices in thesystem. Similarly, in both situations the gateway can address andcontrol devices that support setting adjustments (such as the GEwireless thermostat).

In the configuration in which the gateway acts as a ‘slave’ to thesecurity panel, the gateway is ‘learned into’ the system as a GEwireless keypad. In this mode of operation, the gateway emulates asecurity system keypad when managing the security panel, and can querythe security panel for status and ‘listen’ to security panel events(such as alarm events).

The gateway incorporates an RF Transceiver manufactured by GE Security,but is not so limited. This transceiver implements the Dialog protocolsand handles all network message transmissions, receptions, and timing.As such, the physical, link, and protocol layers of the communicationsbetween the gateway and any GE device in the Dialog network are totallycompliant with GE Security specifications.

At the application level, the gateway emulates the behavior of a GEwireless keypad utilizing the GE Security 80-bit encrypted protocol, andonly supported protocols and network traffic are generated by thegateway. Extensions to the Dialog RF protocol of an embodiment enablefull control and configuration of the panel, and iControl can bothautomate installation and sensor enrollment as well as directconfiguration downloads for the panel under these protocol extensions.

As described above, the gateway participates in the GE Security networkat the customer premises. Because the gateway has intelligence and atwo-way transceiver, it can ‘hear’ all of the traffic on that network.The gateway makes use of the periodic sensor updates, state changes, andsupervisory signals of the network to maintain a current state of thepremises. This data is relayed to the integrated security system server(e.g., FIG. 4, element 260) and stored in the event repository for useby other server components. This usage of the GE Security RF network iscompletely non-invasive; there is no new data traffic created to supportthis activity.

The gateway can directly (or indirectly through the Simon XT panel)control two-way devices on the network. For example, the gateway candirect a GE Security Thermostat to change its setting to ‘Cool’ from‘Off’, as well as request an update on the current temperature of theroom. The gateway performs these functions using the existing GE Dialogprotocols, with little to no impact on the network; a gateway devicecontrol or data request takes only a few dozen bytes of data in anetwork that can support 19 Kbps.

By enrolling with the Simon XT as a wireless keypad, as describedherein, the gateway includes data or information of all alarm events, aswell as state changes relevant to the security panel. This informationis transferred to the gateway as encrypted packets in the same way thatthe information is transferred to all other wireless keypads on thenetwork.

Because of its status as an authorized keypad, the gateway can alsoinitiate the same panel commands that a keypad can initiate. Forexample, the gateway can arm or disarm the panel using the standardDialog protocol for this activity. Other than the monitoring of standardalarm events like other network keypads, the only incremental datatraffic on the network as a result of the gateway is the infrequentremote arm/disarm events that the gateway initiates, or infrequentqueries on the state of the panel.

The gateway is enrolled into the Simon XT panel as a ‘slave’ devicewhich, in an embodiment, is a wireless keypad. This enables the gatewayfor all necessary functionality for operating the Simon XT systemremotely, as well as combining the actions and information ofnon-security devices such as lighting or door locks with GE Securitydevices. The only resource taken up by the gateway in this scenario isone wireless zone (sensor ID).

The gateway of an embodiment supports three forms of sensor and panelenrollment/installation into the integrated security system, but is notlimited to this number of enrollment/installation options. Theenrollment/installation options of an embodiment include installerinstallation, kitting, and panel, each of which is described below.

Under the installer option, the installer enters the sensor IDs at timeof installation into the integrated security system web portal oriScreen. This technique is supported in all configurations andinstallations.

Kits can be pre-provisioned using integrated security systemprovisioning applications when using the kitting option. At kittingtime, multiple sensors are automatically associated with an account, andat install time there is no additional work required.

In the case where a panel is installed with sensors already enrolled(i.e. using the GE Simon XT enrollment process), the gateway has thecapability to automatically extract the sensor information from thesystem and incorporate it into the user account on the integratedsecurity system server.

The gateway and integrated security system of an embodiment uses anauto-learn process for sensor and panel enrollment in an embodiment. Thedeployment approach of an embodiment can use additional interfaces thatGE Security is adding to the Simon XT panel. With these interfaces, thegateway has the capability to remotely enroll sensors in the panelautomatically. The interfaces include, but are not limited to, thefollowing: EnrollDevice(ID, type, name, zone, group);SetDeviceParameters(ID, type, Name, zone, group),GetDeviceParameters(zone); and RemoveDevice(zone).

The integrated security system incorporates these new interfaces intothe system, providing the following install process. The install processcan include integrated security system logistics to handle kitting andpre-provisioning. Pre-kitting and logistics can include apre-provisioning kitting tool provided by integrated security systemthat enables a security system vendor or provider (“provider”) to offerpre-packaged initial ‘kits’. This is not required but is recommended forsimplifying the install process. This example assumes a ‘Basic’ kit ispreassembled and includes one (1) Simon XT, three (3) Door/windowsensors, one (1) motion sensor, one (1) gateway, one (1) keyfob, two (2)cameras, and ethernet cables. The kit also includes a sticker page withall Zones (1-24) and Names (full name list).

The provider uses the integrated security system kitting tool toassemble ‘Basic’ kit packages. The contents of different types ofstarter kits may be defined by the provider. At the distributionwarehouse, a worker uses a bar code scanner to scan each sensor and thegateway as it is packed into the box. An ID label is created that isattached to the box. The scanning process automatically associates allthe devices with one kit, and the new ID label is the unique identifierof the kit. These boxes are then sent to the provider for distributionto installer warehouses. Individual sensors, cameras, etc. are also sentto the provider installer warehouse. Each is labeled with its ownbarcode/ID.

An installation and enrollment procedure of a security system includinga gateway is described below as one example of the installation process.

-   1. Order and Physical Install Process    -   a. Once an order is generated in the iControl system, an account        is created and an install ticket is created and sent        electronically to the provider for assignment to an installer.    -   b. The assigned installer picks up his/her ticket(s) and fills        his/her truck with Basic and/or Advanced starter kits. He/she        also keeps a stock of individual sensors, cameras, iHubs, Simon        XTs, etc. Optionally, the installer can also stock homeplug        adapters for problematic installations.    -   c. The installer arrives at the address on the ticket, and pulls        out the Basic kit. The installer determines sensor locations        from a tour of the premises and discussion with the homeowner.        At this point assume the homeowner requests additional equipment        including an extra camera, two (2) additional door/window        sensors, one (1) glass break detector, and one (1) smoke        detector.    -   d. Installer mounts SimonXT in the kitchen or other location in        the home as directed by the homeowner, and routes the phone line        to Simon XT if available. GPRS and Phone numbers pre-programmed        in SimonXT to point to the provider Central Monitoring Station        (CMS).    -   e. Installer places gateway in the home in the vicinity of a        router and cable modem. Installer installs an ethernet line from        gateway to router and plugs gateway into an electrical outlet.-   2. Associate and Enroll gateway into SimonXT    -   a. Installer uses either his/her own laptop plugged into router,        or homeowners computer to go to the integrated security system        web interface and log in with installer ID/pass.    -   b. Installer enters ticket number into admin interface, and        clicks ‘New Install’ button. Screen prompts installer for kit ID        (on box's barcode label).    -   c. Installer clicks ‘Add SimonXT’. Instructions prompt installer        to put Simon XT into install mode, and add gateway as a wireless        keypad. It is noted that this step is for security only and can        be automated in an embodiment.    -   d. Installer enters the installer code into the Simon XT.        Installer Learns ‘gateway’ into the panel as a wireless keypad        as a group 1 device.    -   e. Installer goes back to Web portal, and clicks the ‘Finished        Adding SimonXT’ button.-   3. Enroll Sensors into SimonXT via iControl    -   a. All devices in the Basic kit are already associated with the        user's account.    -   b. For additional devices, Installer clicks ‘Add Device’ and        adds the additional camera to the user's account (by typing in        the camera ID/Serial #).    -   c. Installer clicks ‘Add Device’ and adds other sensors (two (2)        door/window sensors, one (1) glass break sensor, and one (1)        smoke sensor) to the account (e.g., by typing in IDs).    -   d. As part of Add Device, Installer assigns zone, name, and        group to the sensor. Installer puts appropriate Zone and Name        sticker on the sensor temporarily.    -   e. All sensor information for the account is pushed or otherwise        propagated to the iConnect server, and is available to propagate        to CMS automation software through the CMS application        programming interface (API).    -   f. Web interface displays ‘Installing Sensors in System . . . ’        and automatically adds all of the sensors to the Simon XT panel        through the GE RF link.    -   g. Web interface displays ‘Done Installing’-->all sensors show        green.-   4. Place and Tests Sensors in Home    -   a. Installer physically mounts each sensor in its desired        location, and removes the stickers.    -   b. Installer physically mounts WiFi cameras in their location        and plugs into AC power. Optional fishing of low voltage wire        through wall to remove dangling wires. Camera transformer is        still plugged into outlet but wire is now inside the wall.    -   c. Installer goes to Web interface and is prompted for automatic        camera install. Each camera is provisioned as a private,        encrypted Wifi device on the gateway secured sandbox network,        and firewall NAT traversal is initiated. Upon completion the        customer is prompted to test the security system.    -   d. Installer selects the ‘Test System’ button on the web        portal—the SimonXT is put into Test mode by the gateway over GE        RF.    -   e. Installer manually tests the operation of each sensor,        receiving an audible confirmation from SimonXT.    -   f. Gateway sends test data directly to CMS over broadband link,        as well as storing the test data in the user's account for        subsequent report generation.    -   g. Installer exits test mode from the Web portal.-   5. Installer instructs customer on use of the Simon XT, and shows    customer how to log into the iControl web and mobile portals.    Customer creates a username/password at this time.-   6. Installer instructs customer how to change Simon XT user code    from the Web interface. Customer changes user code which is pushed    to SimonXT automatically over GE RF.

An installation and enrollment procedure of a security system includinga gateway is described below as an alternative example of theinstallation process. This installation process is for use for enrollingsensors into the SimonXT and integrated security system and iscompatible with all existing GE Simon panels.

The integrated security system supports all pre-kitting functionalitydescribed in the installation process above. However, for the purpose ofthe following example, no kitting is used.

-   -   1. Order and Physical Install Process        -   a. Once an order is generated in the iControl system, an            account is created and an install ticket is created and sent            electronically to the security system provider for            assignment to an installer.        -   b. The assigned installer picks up his/her ticket(s) and            fills his/her truck with individual sensors, cameras, iHubs,            Simon XTs, etc. Optionally, the installer can also stock            homeplug adapters for problematic installations.        -   c. The installer arrives at the address on the ticket, and            analyzes the house and talks with the homeowner to determine            sensor locations. At this point assume the homeowner            requests three (3) cameras, five (5) door/window sensors,            one (1) glass break detector, one (1) smoke detector, and            one (1) keyfob.        -   d. Installer mounts SimonXT in the kitchen or other location            in the home. The installer routes a phone line to Simon XT            if available. GPRS and Phone numbers are pre-programmed in            SimonXT to point to the provider CMS.        -   e. Installer places gateway in home in the vicinity of a            router and cable modem, and installs an ethernet line from            gateway to the router, and plugs gateway into an electrical            outlet.    -   2. Associate and Enroll gateway into SimonXT        -   a. Installer uses either his/her own laptop plugged into            router, or homeowners computer to go to the integrated            security system web interface and log in with an installer            ID/pass.        -   b. Installer enters ticket number into admin interface, and            clicks ‘New Install’ button. Screen prompts installer to add            devices.        -   c. Installer types in ID of gateway, and it is associated            with the user's account.        -   d. Installer clicks ‘Add Device’ and adds the cameras to the            user's account (by typing in the camera ID/Serial #).        -   e. Installer clicks ‘Add SimonXT’. Instructions prompt            installer to put Simon XT into install mode, and add gateway            as a wireless keypad.        -   f. Installer goes to Simon XT and enters the installer code            into the Simon XT. Learns ‘gateway’ into the panel as a            wireless keypad as group 1 type sensor.        -   g. Installer returns to Web portal, and clicks the ‘Finished            Adding SimonXT’ button.        -   h. Gateway now is alerted to all subsequent installs over            the security system RF.    -   3. Enroll Sensors into SimonXT via iControl        -   a. Installer clicks ‘Add Simon XT Sensors’—Displays            instructions for adding sensors to Simon XT.        -   b. Installer goes to Simon XT and uses Simon XT install            process to add each sensor, assigning zone, name, group.            These assignments are recorded for later use.        -   c. The gateway automatically detects each sensor addition            and adds the new sensor to the integrated security system.        -   d. Installer exits install mode on the Simon XT, and returns            to the Web portal.        -   e. Installer clicks ‘Done Adding Devices’.        -   f. Installer enters zone/sensor naming from recorded notes            into integrated security system to associate sensors to            friendly names.        -   g. All sensor information for the account is pushed to the            iConnect server, and is available to propagate to CMS            automation software through the CMS API.    -   4. Place and Tests Sensors in Home        -   a. Installer physically mounts each sensor in its desired            location.        -   b. Installer physically mounts Wifi cameras in their            location and plugs into AC power. Optional fishing of low            voltage wire through wall to remove dangling wires. Camera            transformer is still plugged into outlet but wire is now            inside the wall.        -   c. Installer puts SimonXT into Test mode from the keypad.        -   d. Installer manually tests the operation of each sensor,            receiving an audible confirmation from SimonXT.        -   e. Installer exits test mode from the Simon XT keypad.        -   f. Installer returns to web interface and is prompted to            automatically set up cameras. After waiting for completion            cameras are now provisioned and operational.    -   5. Installer instructs customer on use of the Simon XT, and        shows customer how to log into the integrated security system        web and mobile portals. Customer creates a username/password at        this time.    -   6. Customer and Installer observe that all sensors/cameras are        green.    -   7. Installer instructs customer how to change Simon XT user code        from the keypad. Customer changes user code and stores in        SimonXT.    -   8. The first time the customer uses the web portal to Arm/Disarm        system the web interface prompts the customer for the user code,        which is then stored securely on the server. In the event the        user code is changed on the panel the web interface once again        prompts the customer.

The panel of an embodiment can be programmed remotely. The CMS pushesnew programming to SimonXT over a telephone or GPRS link. Optionally,iControl and GE provide a broadband link or coupling to the gateway andthen a link from the gateway to the Simon XT over GE RF.

In addition to the configurations described above, the gateway of anembodiment supports takeover configurations in which it is introduced oradded into a legacy security system. A description of example takeoverconfigurations follow in which the security system (FIG. 4, element 210)is a Dialog system and the WSP (FIG. 4, element 211) is a GE Concordpanel (e.g., equipped with POTS, GE RF, and Superbus 2000 RS485interface (in the case of a Lynx takeover the Simon XT is used)available from General Electric Security. The gateway (FIG. 4, element220) in the takeover configurations is an iHub (e.g., equipped withbuilt-in 802.11b/g router, Ethernet Hub, GSM/GPRS card, RS485 interface,and iControl Honeywell-compatible RF card) available from iControlNetworks, Palo Alto, Calif. While components of particular manufacturersare used in this example, the embodiments are not limited to thesecomponents or to components from these vendors.

The security system can optionally include RF wireless sensors (e.g., GEwireless sensors utilizing the GE Dialog RF technology), IP cameras, aGE-iControl Touchscreen (the touchscreen is assumed to be an optionalcomponent in the configurations described herein, and is thus treatedseparately from the iHub; in systems in which the touchscreen is acomponent of the base security package, the integrated iScreen(available from iControl Networks, Palo Alto, Calif.) can be used tocombine iHub technology with the touchscreen in a single unit), andZ-Wave devices to name a few.

The takeover configurations described below assume takeover by a “new”system of an embodiment of a security system provided by another thirdparty vendor, referred to herein as an “original” or “legacy” system.Generally, the takeover begins with removal of the control panel andkeypad of the legacy system. A GE Concord panel is installed to replacethe control panel of the legacy system along with an iHub with GPRSModem. The legacy system sensors are then connected or wired to theConcord panel, and a GE keypad or touchscreen is installed to replacethe control panel of the legacy system. The iHub includes the iControlRF card, which is compatible with the legacy system. The iHub finds andmanages the wireless sensors of the legacy system, and learns thesensors into the Concord by emulating the corresponding GE sensors. TheiHub effectively acts as a relay for legacy wireless sensors.

Once takeover is complete, the new security system provides ahomogeneous system that removes the compromises inherent in taking overor replacing a legacy system. For example, the new system provides amodern touchscreen that may include additional functionality, newservices, and supports integration of sensors from variousmanufacturers. Furthermore, lower support costs can be realized becausecall centers, installers, etc. are only required to support onearchitecture. Additionally, there is minimal install cost because onlythe panel is required to be replaced as a result of the configurationflexibility offered by the iHub.

The system takeover configurations described below include but are notlimited to a dedicated wireless configuration, a dedicated wirelessconfiguration that includes a touchscreen, and a fished Ethernetconfiguration. Each of these configurations is described in detailbelow.

FIG. 20 is a block diagram of a security system in which the legacypanel is replaced with a GE Concord panel wirelessly coupled to an iHub,under an embodiment. All existing wired and RF sensors remain in place.The iHub is located near the Concord panel, and communicates with thepanel via the 802.11 link, but is not so limited. The iHub managescameras through a built-in 802.11 router. The iHub listens to theexisting RF HW sensors, and relays sensor information to the Concordpanel (emulating the equivalent GE sensor). The wired sensors of thelegacy system are connected to the wired zones on the control panel.

FIG. 21 is a block diagram of a security system in which the legacypanel is replaced with a GE Concord panel wirelessly coupled to an iHub,and a GE-iControl Touchscreen, under an embodiment. All existing wiredand RF sensors remain in place. The iHub is located near the Concordpanel, and communicates with the panel via the 802.11 link, but is notso limited. The iHub manages cameras through a built-in 802.11 router.The iHub listens to the existing RF HW sensors, and relays sensorinformation to the Concord panel (emulating the equivalent GE sensor).The wired sensors of the legacy system are connected to the wired zoneson the control panel.

The GE-iControl Touchscreen can be used with either of an 802.11connection or Ethernet connection with the iHub. Because the takeoverinvolves a GE Concord panel (or Simon XT), the touchscreen is always anoption. No extra wiring is required for the touchscreen as it can usethe 4-wire set from the replaced keypad of the legacy system. Thisprovides power, battery backup (through Concord), and data link (RS485Superbus 2000) between Concord and touchscreen. The touchscreen receivesits broadband connectivity through the dedicated 802.11 link to theiHub.

FIG. 22 is a block diagram of a security system in which the legacypanel is replaced with a GE Concord panel connected to an iHub via anEthernet coupling, under an embodiment. All existing wired and RFsensors remain in place. The iHub is located near the Concord panel, andwired to the panel using a 4-wire SUperbus 2000 (RS485) interface, butis not so limited. The iHub manages cameras through a built-in 802.11router. The iHub listens to the existing RF HW sensors, and relayssensor information to the Concord panel (emulating the equivalent GEsensor). The wired sensors of the legacy system are connected to thewired zones on the control panel.

The takeover installation process is similar to the installation processdescribed above, except the control panel of the legacy system isreplaced; therefore, only the differences with the installationdescribed above are provided here. The takeover approach of anembodiment uses the existing RS485 control interfaces that GE Securityand iControl support with the iHub, touchscreen, and Concord panel. Withthese interfaces, the iHub is capable of automatically enrolling sensorsin the panel. The exception is the leverage of an iControl RF cardcompatible with legacy systems to ‘takeover’ existing RF sensors. Adescription of the takeover installation process follows.

During the installation process, the iHub uses an RF Takeover Card toautomatically extract all sensor IDs, zones, and names from the legacypanel. The installer removes connections at the legacy panel fromhardwired wired sensors and labels each with the zone. The installerpulls the legacy panel and replaces it with the GE Concord panel. Theinstaller also pulls the existing legacy keypad and replaces it witheither a GE keypad or a GE-iControl touchscreen. The installer connectslegacy hardwired sensors to appropriate wired zone (from labels) on theConcord. The installer connects the iHub to the local network andconnects the iHub RS485 interface to the Concord panel. The iHubautomatically ‘enrolls’ legacy RF sensors into the Concord panel as GEsensors (maps IDs), and pushes or otherwise propagates other informationgathered from HW panel (zone, name, group). The installer performs atest of all sensors back to CMS. In operation, the iHub relays legacysensor data to the Concord panel, emulating equivalent GE sensorbehavior and protocols.

The areas of the installation process particular to the legacy takeoverinclude how the iHub extracts sensor info from the legacy panel and howthe iHub automatically enrolls legacy RF sensors and populates Concordwith wired zone information. Each of these areas is described below.

In having the iHub extract sensor information from the legacy panel, theinstaller ‘enrolls’ iHub into the legacy panel as a wireless keypad (useinstall code and house ID—available from panel). The iHub legacy RFTakeover Card is a compatible legacy RF transceiver. The installer usesthe web portal to place iHub into ‘Takeover Mode’, and the web portalthe automatically instructs the iHub to begin extraction. The iHubqueries the panel over the RF link (to get all zone information for allsensors, wired and RF). The iHub then stores the legacy sensorinformation received during the queries on the iConnect server.

The iHub also automatically enrolls legacy RF sensors and populatesConcord with wired zone information. In so doing, the installer selects‘Enroll legacy Sensors into Concord’ (next step in ‘Takeover’ process onweb portal). The iHub automatically queries the iConnect server, anddownloads legacy sensor information previously extracted. The downloadedinformation includes an ID mapping from legacy ID to ‘spoofed’ GE ID.This mapping is stored on the server as part of the sensor information(e.g., the iConnect server knows that the sensor is a legacy sensoracting in GE mode). The iHub instructs Concord to go into install mode,and sends appropriate Superbus 2000 commands for sensor learning to thepanel. For each sensor, the ‘spoofed’ GE ID is loaded, and zone, name,and group are set based on information extracted from legacy panel. Uponcompletion, the iHub notifies the server, and the web portal is updatedto reflect next phase of Takeover (e.g., ‘Test Sensors’).

Sensors are tested in the same manner as described above. When a HWsensor is triggered, the signal is captured by the iHub legacy RFTakeover Card, translated to the equivalent GE RF sensor signal, andpushed to the panel as a sensor event on the SuperBus 2000 wires.

In support of remote programming of the panel, CMS pushes newprogramming to Concord over a phone line, or to the iConnect CMS/AlarmServer API, which in turn pushes the programming to the iHub. The iHubuses the Concord Superbus 2000 RS485 link to push the programming to theConcord panel.

FIG. 23 is a flow diagram for automatic takeover 2100 of a securitysystem, under an embodiment. Automatic takeover includes establishing2102 a wireless coupling between a takeover component running under aprocessor and a first controller of a security system installed at afirst location. The security system includes some number of securitysystem components coupled to the first controller. The automatictakeover includes automatically extracting 2104 security data of thesecurity system from the first controller via the takeover component.The automatic takeover includes automatically transferring 2106 thesecurity data to a second controller and controlling loading of thesecurity data into the second controller. The second controller iscoupled to the security system components and replaces the firstcontroller.

FIG. 24 is a flow diagram for automatic takeover 2200 of a securitysystem, under an alternative embodiment. Automatic takeover includesautomatically forming 2202 a security network at a first location byestablishing a wireless coupling between a security system and agateway. The gateway of an embodiment includes a takeover component. Thesecurity system of an embodiment includes security system components.The automatic takeover includes automatically extracting 2204 securitydata of the security system from a first controller of the securitysystem. The automatic takeover includes automatically transferring 2206the security data to a second controller. The second controller of anembodiment is coupled to the security system components and replaces thefirst controller.

Embodiments described herein include a method of interfacing to asecurity system, comprising local area wireless communication to thesecurity system for the purpose of monitoring, controlling, and/ormanaging the security system, to name a few.

Embodiments described herein include a method of interfacing to asecurity system, comprising a wired interface to the security system incombination with one or more wireless interfaces to other sensors and/ordevices for the purpose of monitoring, controlling, or managing thesecurity system.

The system of an embodiment communicates with a plurality of securitysystems, where one or more of the security systems have different RFfrequencies and/or communications protocols.

The system of an embodiment coordinates actions between a securitysystem and other devices.

The system of an embodiment notifies users as to changes in sensor stateor activity.

The system of an embodiment enables users to control the security systemremotely.

The system of an embodiment determines which sensors are included in thesecurity system.

The system of an embodiment determines descriptive characteristics ofthe sensors included in the security system.

Embodiments described herein include a method of interfacing to asecurity system, comprising a software application interface providingthe ability to communicate with a security system using one or more of aplurality of security system protocols.

The software application of an embodiment interface enables anapplication to select one of a plurality of security system protocolinterfaces.

The software application of an embodiment interface automaticallydetects available security systems, and uses the communication protocolappropriate to the security systems.

The software application of an embodiment interface simultaneouslycommunicates with multiple security systems using multiple securitysystem protocols.

The software application of an embodiment interface communicatesdirectly with sensors or devices independently from the security systemcontrol panel.

The system of an embodiment coordinates actions and data between deviceswithin the security system and other devices.

Embodiments described herein include a device comprising an interfacemodule coupled to a processor. The interface module comprises a datainterface for interfacing with a processing component of a legacy systeminstalled at a location. The processing component uses a proprietaryprotocol for processing data of the legacy system. The device comprisesa protocol module coupled to the processor. The protocol modulecomprises a protocol corresponding to the proprietary protocol. Theinterface module uses the protocol to exchange data with the processingcomponent. The device comprises a communication device coupled to theprocessor. The communication device communicates with a remote systemvia a wireless channel. The processor controls communications thatcomprise passing commands from the remote system to the legacy system,and passing event data of the legacy system to the remote system.

Embodiments described herein include a device comprising: an interfacemodule coupled to a processor, wherein the interface module comprises adata interface for interfacing with a processing component of a legacysystem installed at a location, wherein the processing component uses aproprietary protocol for processing data of the legacy system; aprotocol module coupled to the processor, wherein the protocol modulecomprises a protocol corresponding to the proprietary protocol, whereinthe interface module uses the protocol to exchange data with theprocessing component; and a communication device coupled to theprocessor, wherein the communication device communicates with a remotesystem via a wireless channel, wherein the processor controlscommunications that comprise passing commands from the remote system tothe legacy system, and passing event data of the legacy system to theremote system.

The communication device comprises a radio frequency (RF) device.

The communication device comprises a cellular communication device,wherein the cellular communication device communicates withcellular-enabled systems via a cellular network.

The cellular communication device comprises at least one of a thirdGeneration (3G) device, a High Speed Packet Access (HSPA) device, anEnhanced Voice-Data Optimized (EVDO) device, and a Long Term Evolution(LTE) device.

The communication device comprises a broadband communication device.

The communication device comprises a WiFi communication device.

The communication device comprises a Z-Wave communication device.

The communication device comprises a Zigbee communication device.

The communication device comprises a plain old telephone service (POTS)device.

The communication device comprises at least one of a cellularcommunication device, a third Generation (3G) communication device, aHigh Speed Packet Access (HSPA) communication device, an EnhancedVoice-Data Optimized (EVDO) communication device, a Long Term Evolution(LTE) communication device, a broadband communication device, a WiFicommunication device, a Z-Wave communication device, a Zigbeecommunication device, and a plain old telephone service (POTS) device.

The communication device comprises at least two of a cellularcommunication device, a third Generation (3G) communication device, aHigh Speed Packet Access (HSPA) communication device, an EnhancedVoice-Data Optimized (EVDO) communication device, a Long Term Evolution(LTE) communication device, a broadband communication device, a WiFicommunication device, a Z-Wave communication device, a Zigbeecommunication device, and a plain old telephone service (POTS) device.

The remote system comprises one or more of a server, network operationscenter, central monitoring station, network device, gateway, personalcomputing device, cellular telephone, smartphone, tablet computer,personal computer.

The legacy system is a control system installed at the location, whereinthe control system comprises a plurality of controlled devices.

The plurality of controlled devices comprises one or more ofthermostats, lights, locks, sensors, detectors, security devices,appliances, cameras, network devices, controllers, control panelprocessors, Internet Protocol (IP) devices, Z-Wave devices, and Zigbeedevices.

The legacy system enrolls the interface module as a known device.

The event data comprises data of the controlled components.

The processing component comprises a serial bus of the control system,wherein the proprietary protocol is a serial protocol.

The plurality of controlled devices is coupled to the serial bus andregistered with a controller of the control system.

The device of an embodiment comprises a wire-based coupling between theinterface module and the serial bus.

The wire-based coupling comprises at least one of a TTL interface, anRS-232 interface, and an RS-422 interface.

The device of an embodiment comprises a wireless-based coupling betweenthe interface module and the serial bus.

The device of an embodiment comprises a reporting interface modulecoupled to the processor, wherein the reporting interface moduletransmits a status report to the remote system via the communicationdevice.

The reporting interface module receives the status report from thelegacy system. The reporting interface module receives the event datafrom the legacy system, wherein the event data comprises state data ofthe control system and the controlled devices.

The reporting interface module generates the status report from theevent data and the state data.

The remote system comprises a network operations center.

The reporting interface module transmits the status report to the remotesystem via at least one intermediate system.

The interface module receives event data asynchronously transmitted bythe legacy system and passes the event data to the remote system via thecommunication device.

The communication device receives polling requests from the remotesystem and passes the polling requests to the legacy system via theinterface module.

The communication device conducts polling operations on behalf of theremote system.

The event data received from the legacy system in response to thepolling operations is sent to the remote system.

Upon receiving the event data the processor buffers the event data priorto sending the event data to the remote system.

Upon receiving the event data the processor retransmits the event datato the remote system.

The protocol corresponding to the proprietary protocol comprises anabbreviated command set.

The protocol comprises a protocol translator that maps between a firstset of commands of the legacy system and a second set of commands of theremote system.

The device of an embodiment comprises at least one proxy executed by theprocessor.

The at least one proxy comprises configuration parameters, wherein theconfiguration parameters include at least one of enable, disable,automatic-sense on, automatic-sense off, legacy system type, interfacemodule type, polling type, polling level, polling commands, pollingrate, and statistic period.

Configuration parameters of the at least one proxy are set via theremote system. Configuration parameters of the at least one proxy areautomatically determined and set by the at least one proxy usingdetected information of at least one of the legacy system and the remotesystem.

The at least one proxy includes a polling proxy, wherein the pollingproxy is an intermediary between the remote system and the legacysystem.

The polling proxy at least one of processes, parses, translatesprotocol, adjusts timing, buffers, and queues messages exchanged betweenthe remote system and the legacy system.

The polling proxy comprises message polling.

The message polling comprises providing polling commands that prompt formessages exchanged between the interface module and the legacy system,wherein the messages include at least one of legacy system statechanges, legacy system mode changes, legacy system resource changes,responses to remote system commands, message management.

The polling proxy comprises data polling.

The data polling comprises polling for data including at least one ofinternal state data and resource data of the legacy system,

The data polling comprises polling for data that indicates at least oneof a change of state and a change of resources.

The polling proxy compares data received during data polling to datafrom at least one previous query, wherein the polling proxy infers fromthe comparison at least one of state changes and resource changes.

The at least one proxy includes an injection proxy running on theprocessor.

The injection proxy is a transparent pass-through for a first messageexchanged between the remote system and the legacy system, wherein thefirst message is related to a non-polling function of the legacy system,wherein in response to the first message received from the remote systemthe injection proxy passes the first message to the legacy system,wherein in response to the first message received from the legacy systemthe injection proxy passes the first message to the remote system.

The injection proxy manages polling data of a second message exchangedbetween the remote system and the legacy system, wherein the secondmessage is related to a polling function of the legacy system.

In response to the second message received from the remote system, theinjection proxy generates a third message and sends the third message tothe legacy system, wherein the third message is generated by injectingpolling commands into the second message.

In response to the second message received from the legacy system, theinjection proxy generates a fourth message and sends the fourth messageto the remote system, wherein the fourth message is generated byremoving polling information from the second message.

The at least one proxy includes a rewrite proxy, wherein the rewriteproxy rewrites sequence numbers of messages that pass between the remotesystem and the legacy system.

The rewrite proxy detects a sequence number of the second message isshared as the sequence number of the first message.

The rewrite proxy rewrites sequence numbers of the first message,wherein a first sequence count corresponding to the first messagebetween the rewrite proxy and the remote system is continuous, wherein asecond sequence count corresponding to the first message between therewrite proxy and the legacy system is continuous.

The rewrite proxy rewrites sequence numbers of the second message,wherein a third sequence count corresponding to the second messagebetween the rewrite proxy and the remote system is continuous, wherein afourth sequence count corresponding to the second message between therewrite proxy and the legacy system is continuous.

The device of an embodiment comprises a scheduling engine coupled to theprocessor, wherein the scheduling engine schedules automations andevents of associated devices coupled to the communication device.

The processor controls communications by controlling at least one ofprotocol translation, communication translation, and timing constraintsof communication events.

The commands from the remote system comprise Transmission ControlProtocol (TCP), wherein transmissions to the remote system comprise UserDatagram Protocol (UDP).

The communication device comprises a WiFi communication device, whereinthe remote system comprises a gateway at the location, wherein thegateway comprises a wireless access manager coupled to a gatewayprocessor, wherein the wireless access manager establishes acommunication channel with the communication device, wherein thecommunication channel passes communications that comprise commands tothe legacy system from the remote system, and event data to the remotesystem from the legacy system.

The device of an embodiment comprises a second communication device thatis a cellular communication device, wherein the cellular communicationdevice establishes a second communication channel with at least oneother remote system, wherein the second communication channel passescommunications that comprise commands to the legacy system from the atleast one other remote system, and event data to the at least one otherremote system from the legacy system.

The communication device comprises operating credentials received viathe gateway.

Configuration and status data of the communication device is providedvia the gateway.

The at least one other remote system comprises one or more of a server,network operations, center, central monitoring station, network device,personal computing device, cellular telephone, smartphone, tabletcomputer, personal computer.

The communication device communicates with at least one of the remotesystem and the at least one other remote system, wherein the processorcontrols communications that comprise passing commands from at least oneof the remote system and the at least one other remote system to thelegacy system, and passing event data of the legacy system to at leastone of the remote system and the at least one other remote system.

The gateway comprises a connection manager coupled to a gatewayprocessor, wherein the connection manager is coupled to a plurality ofremote servers via a network and communicates with the plurality ofremote servers over the network.

The connection manager receives via the network a set of protocolscorresponding to the legacy system.

The gateway comprises a protocol manager coupled to the gatewayprocessor, wherein the protocol manager includes the set of protocolscorresponding to the legacy system.

The set of protocols include the protocol, wherein the protocol modulereceives the protocol from the protocol manager.

The gateway comprises a device manager coupled to the gateway processor,wherein the device manager processes the commands and the event dataexchanged between the remote system and the legacy system via theinterface module.

The wireless access manager initiates learning of the gateway into thelegacy system using the set of protocols.

The gateway includes at least one wireless device coupled to a gatewayprocessor, wherein the protocol manager includes at least one wirelessdevice protocol corresponding to the at least one wireless device,wherein the at least one wireless device provides at least onecommunication channel with at least one wireless device at the location.

The gateway locates and enrolls the interface module as a known device.

Embodiments described herein include a system comprising a gateway at alocation. The gateway is coupled to a remote system. The systemcomprises an interface device at the location. The interface devicecomprises a processor coupled to an interface module, a protocol module,and at least one communication device. The interface module comprises adata interface for interfacing with a processing component of a legacysystem installed at a location. The processing component uses aproprietary protocol for processing data of the legacy system. Theprotocol module comprises a protocol corresponding to the proprietaryprotocol. The interface module uses the protocol to exchange data withthe processing component. The at least one communication devicecommunicates with at least one of the gateway and the remote system viaat least one wireless channel. The processor controls communicationsthat comprise passing commands from the remote system to the legacysystem, and passing event data of the legacy system to the remotesystem.

Embodiments described herein include a system comprising: a gateway at alocation, wherein the gateway is coupled to a remote system; and aninterface device at the location, the interface device comprising aprocessor coupled to an interface module, a protocol module, and atleast one communication device; wherein the interface module comprises adata interface for interfacing with a processing component of a legacysystem installed at a location, wherein the processing component uses aproprietary protocol for processing data of the legacy system, whereinthe protocol module comprises a protocol corresponding to theproprietary protocol, wherein the interface module uses the protocol toexchange data with the processing component, wherein the at least onecommunication device communicates with at least one of the gateway andthe remote system via at least one wireless channel, wherein theprocessor controls communications that comprise passing commands fromthe remote system to the legacy system, and passing event data of thelegacy system to the remote system.

The at least one communication device comprises a radio frequency (RF)device.

The at least one communication device comprises a cellular communicationdevice, wherein the cellular communication device communicates withcellular-enabled systems via a cellular network, wherein the cellularcommunication device comprises at least one of a third Generation (3G)device, a High Speed Packet Access (HSPA) device, an Enhanced Voice-DataOptimized (EVDO) device, and a Long Term Evolution (LTE) device.

The at least one communication device comprises a broadbandcommunication device.

The at least one communication device comprises a WiFi communicationdevice.

The at least one communication device comprises a Z-Wave communicationdevice.

The at least one communication device comprises a Zigbee communicationdevice.

The at least one communication device comprises at least one of acellular communication device, a third Generation (3G) communicationdevice, a High Speed Packet Access (HSPA) communication device, anEnhanced Voice-Data Optimized (EVDO) communication device, a Long TermEvolution (LTE) communication device, a broadband communication device,a WiFi communication device, a Z-Wave communication device, a Zigbeecommunication device, and a plain old telephone service (POTS) device.

The remote system comprises one or more of a server, network operationscenter, central monitoring station, network device, personal computingdevice, cellular telephone, smartphone, tablet computer, personalcomputer.

The processor controls communications by controlling at least one ofprotocol translation, communication translation, and timing constraintsof communication events.

The at least one communication device comprises a WiFi communicationdevice, wherein the gateway comprises a wireless access manager coupledto a gateway processor, wherein the wireless access manager establishesa communication channel with the at least one communication device,wherein the communication channel passes communications that comprisecommands to the legacy system from at least one of the gateway and theremote system, and event data to at least one of the gateway and theremote system from the legacy system.

The at least one communication device comprises a second communicationdevice that is a cellular communication device, wherein the cellularcommunication device establishes a second communication channel with theremote system, wherein the second communication channel passescommunications that comprise commands to the legacy system from theremote system, and event data to the remote system from the legacysystem.

The at least one communication device comprises operating credentialsreceived via the gateway.

Configuration and status data of the at least one communication deviceis provided via the gateway.

The at least one communication device communicates with at least one ofthe gateway and the remote system, wherein the processor controlscommunications that comprise passing commands from at least one of thegateway and the remote system to the legacy system, and passing eventdata of the legacy system to at least one of the gateway and the remotesystem.

The gateway comprises a connection manager coupled to a gatewayprocessor, wherein the connection manager is coupled to the remotesystem via a network and communicates with the remote system over thenetwork.

The connection manager receives via the network a set of protocolscorresponding to the legacy system.

The gateway comprises a protocol manager coupled to the gatewayprocessor, wherein the protocol manager includes the set of protocolscorresponding to the legacy system.

The set of protocols include the protocol, wherein the protocol modulereceives the protocol from the protocol manager.

The gateway comprises a device manager coupled to the gateway processor,wherein the device manager processes the commands and the event dataexchanged between the remote system and the legacy system via theinterface module.

The wireless access manager initiates learning of the gateway into thelegacy system using the set of protocols.

The gateway includes at least one wireless device coupled to a gatewayprocessor, wherein the protocol manager includes at least one wirelessdevice protocol corresponding to the at least one wireless device,wherein the at least one wireless device provides at least onecommunication channel with at least one wireless device at the location.

The gateway locates and enrolls the interface module as a known device.

The legacy system is a security system installed at the location,wherein the security system comprises a plurality of security systemcomponents.

The plurality of security system components comprise one or more ofgateway devices, touchscreen devices, security panels, security panelprocessors, sensors, detectors, door contacts, window contacts, motionsensors, and glass-break detectors.

The legacy system enrolls the interface device as a known device.

The event data comprises at least one of data of the plurality ofsecurity system components, alarm condition data, and sensor data.

The processing component comprises a serial bus of a controller of thesecurity system, wherein the proprietary protocol is a serial protocol.

The plurality of security system components is coupled to the serial busand registered with the controller.

The system of an embodiment comprises a wire-based coupling between theinterface module and the serial bus, wherein the wire-based couplingcomprises at least one of a TTL interface, an RS-232 interface, and anRS-422 interface.

The system of an embodiment comprises a wireless-based coupling betweenthe interface module and the serial bus.

The system of an embodiment comprises an alarm interface module coupledto the processor, wherein the alarm interface module transmits an alarmreport to at least one of the gateway and the remote system.

The alarm interface module receives the alarm report from the legacysystem.

The alarm interface module receives the event data from the legacysystem, wherein the event data comprises security state data of thesecurity system, wherein the alarm interface module generates the alarmreport from the security state data.

The remote system comprises an alarm central monitoring station.

The alarm interface module transmits the alarm report to at least one ofthe gateway and the remote system via at least one intermediate system.

The interface module receives event data asynchronously transmitted bythe legacy system and passes the event data to at least one of thegateway and the remote system via the at least one communication device.

The at least one communication device receives polling requests from atleast one of the gateway and the remote system and passes the pollingrequests to the legacy system via the interface module.

The at least one communication device conducts polling operations onbehalf of the remote system.

The event data received from the legacy system in response to thepolling operations is sent to at least one of the gateway and the remotesystem.

Upon receiving the event data the processor buffers the event data priorto sending the event data to at least one of the gateway and the remotesystem.

Upon receiving the event data the processor retransmits the event datato at least one of the gateway and the remote system.

The protocol corresponding to the proprietary protocol comprises anabbreviated command set.

The protocol comprises a protocol translator that maps between a firstset of commands of the legacy system and a second set of commands of theremote system.

The gateway forms a security network by automatically discovering viathe interface device the security system components and integratingcommunications and functions of the security system components into thesecurity network via the wireless coupling.

The gateway comprises a user interface coupled to the security network,wherein the user interface allows control of the functions of thesecurity network by a user.

The user interface is a touchscreen device, wherein the touchscreendevice includes the gateway.

The system of an embodiment comprises a portal coupled to the gateway,wherein the portal provides access to the communications and thefunctions of the security network via the remote system.

The system of an embodiment comprises an interface coupled to thesecurity network, wherein the interface allows control of the functionsof the security network from the remote system.

The gateway automatically discovers the security system components andestablishes and controls the communications with the security systemcomponents.

The gateway includes a device connect component that includesdefinitions of the security system components.

The security system is coupled to a central monitoring station via aprimary communication link, wherein the gateway is coupled to thecentral monitoring station via a secondary communication link that isdifferent than the primary communication link.

The gateway transmits event data of the security system components tothe central monitoring station over the secondary communication link.

The gateway transmits messages comprising event data of the securitysystem components to the remote system over the secondary communicationlink.

The gateway receives control data for control of the security systemcomponents from the remote system via the secondary communication link.

The security network comprises network devices coupled to the gatewayvia a wireless coupling, wherein the network devices include at leastone of an Internet Protocol (IP) device, a camera, a touchscreen, adevice controller that controls an attached device, and a sensor.

The gateway automatically discovers the network devices and installs thenetwork devices in the security network.

The gateway controls communications between the network devices, thesecurity system components, and the remote system.

The gateway transmits event data of the network devices to the remotesystem over at least one communication link, wherein the event datacomprises changes in device states of the network devices, data of thenetwork devices, and data received by the network devices.

The gateway receives control data for control of the network devicesfrom the remote system via the at least one communication link.

The remote system includes a security server at a remote locationdifferent from the location, wherein the security server is coupled tothe gateway.

The security server creates, modifies and terminates couplings betweenthe gateway and at least one of the security system components and thenetwork devices.

The security server creates, modifies, deletes and configures at leastone of the security system components and the network devices.

The security server creates automations, schedules and notificationrules associated with at least one of the security system components andthe network devices.

The security server manages communications with at least one of thesecurity system components and the network devices.

The interface device comprises a scheduling engine coupled to theprocessor, wherein the scheduling engine schedules automations andevents of at least one of the security system components and the networkdevices.

The system of an embodiment comprises at least one proxy executed by theprocessor of the interface device.

The at least one proxy includes a polling proxy, wherein the pollingproxy is an intermediary between the remote system and the legacysystem.

The polling proxy at least one of processes, parses, translatesprotocol, adjusts timing, buffers, and queues messages exchanged betweenthe remote system and the legacy system.

The polling proxy comprises message polling, wherein the message pollingcomprises providing polling commands that prompt for messages exchangedbetween the interface module and the legacy system, wherein the messagesinclude at least one of legacy system state changes, legacy system modechanges, legacy system resource changes, responses to remote systemcommands, message management.

The polling proxy comprises data polling.

The data polling comprises polling for data including at least one ofinternal state data and resource data of the legacy system, and datathat indicates at least one of a change of state and a change ofresources.

The polling proxy compares data received during data polling to datafrom at least one previous query, wherein the polling proxy infers fromthe comparison at least one of state changes and resource changes.

The at least one proxy includes an injection proxy running on theprocessor.

The injection proxy is a transparent pass-through for a first messageexchanged between the remote system and the legacy system, wherein thefirst message is related to a non-polling function of the legacy system,wherein in response to the first message received from the remote systemthe injection proxy passes the first message to the legacy system,wherein in response to the first message received from the legacy systemthe injection proxy passes the first message to the remote system.

The injection proxy manages polling data of a second message exchangedbetween the remote system and the legacy system, wherein the secondmessage is related to a polling function of the legacy system.

In response to the second message received from the remote system, theinjection proxy generates a third message and sends the third message tothe legacy system, wherein the third message is generated by injectingpolling commands into the second message.

In response to the second message received from the legacy system, theinjection proxy generates a fourth message and sends the fourth messageto the remote system, wherein the fourth message is generated byremoving polling information from the second message.

The at least one proxy includes a rewrite proxy, wherein the rewriteproxy rewrites sequence numbers of messages that pass between the remotesystem and the legacy system.

The rewrite proxy detects a sequence number of the second message isshared as the sequence number of the first message.

The rewrite proxy rewrites sequence numbers of the first message,wherein a first sequence count corresponding to the first messagebetween the rewrite proxy and the remote system is continuous, wherein asecond sequence count corresponding to the first message between therewrite proxy and the legacy system is continuous.

The rewrite proxy rewrites sequence numbers of the second message,wherein a third sequence count corresponding to the second messagebetween the rewrite proxy and the remote system is continuous, wherein afourth sequence count corresponding to the second message between therewrite proxy and the legacy system is continuous.

Embodiments described herein include a method comprising establishing aninterface with a processing component of a legacy system installed at alocation. The processing component uses a proprietary protocol forprocessing data of the legacy system. The method comprises using aprotocol with the interface to exchange data with the processingcomponent, wherein the protocol corresponds to the proprietary protocol.The method comprises communicating between the interface and a remotesystem via a communication device and a wireless channel. Thecommunicating comprises controlling communications by passing commandsfrom the remote system to the legacy system, and passing the data of thelegacy system to the remote system.

Embodiments described herein include a method comprising: establishingan interface with a processing component of a legacy system installed ata location, wherein the processing component uses a proprietary protocolfor processing data of the legacy system; using a protocol with theinterface to exchange data with the processing component, wherein theprotocol corresponds to the proprietary protocol; and communicatingbetween the interface and a remote system via a communication device anda wireless channel, wherein the communicating comprises controllingcommunications by passing commands from the remote system to the legacysystem, and passing the data of the legacy system to the remote system.

The communication device comprises a radio frequency (RF) device.

The communication device comprises a cellular communication device,wherein the cellular communication device communicates withcellular-enabled systems via a cellular network.

The cellular communication device comprises at least one of a thirdGeneration (3G) device, a High Speed Packet Access (HSPA) device, anEnhanced Voice-Data Optimized (EVDO) device, and a Long Term Evolution(LTE) device.

The communication device comprises a broadband communication device.

The communication device comprises a WiFi communication device.

The communication device comprises a Z-Wave communication device.

The communication device comprises a Zigbee communication device.

The communication device comprises a plain old telephone service (POTS)device.

The communication device comprises at least one of a cellularcommunication device, a third Generation (3G) communication device, aHigh Speed Packet Access (HSPA) communication device, an EnhancedVoice-Data Optimized (EVDO) communication device, a Long Term Evolution(LTE) communication device, a broadband communication device, a WiFicommunication device, a Z-Wave communication device, a Zigbeecommunication device, and a plain old telephone service (POTS) device.

The communication device comprises at least two of a cellularcommunication device, a third Generation (3G) communication device, aHigh Speed Packet Access (HSPA) communication device, an EnhancedVoice-Data Optimized (EVDO) communication device, a Long Term Evolution(LTE) communication device, a broadband communication device, a WiFicommunication device, a Z-Wave communication device, a Zigbeecommunication device, and a plain old telephone service (POTS) device.

The remote system comprises one or more of a server, network operationscenter, central monitoring station, network device, gateway, personalcomputing device, cellular telephone, smartphone, tablet computer,personal computer.

The legacy system is a control system installed at the location, whereinthe control system comprises a plurality of controlled devices.

The plurality of controlled devices comprises one or more ofthermostats, lights, locks, sensors, detectors, security devices,appliances, cameras, network devices, controllers, control panelprocessors, Internet Protocol (IP) devices, Z-Wave devices, and

Zigbee devices.

The method comprises enrolling as a known device at the legacy systemthe interface module.

The event data comprises data of the controlled components.

The processing component comprises a serial bus of the control system,wherein the proprietary protocol is a serial protocol.

The plurality of controlled devices is coupled to the serial bus andregistered with a controller of the control system.

The method comprises transmitting a status report to the remote systemvia the communication device and a reporting interface module.

The method comprises receiving the status report from the legacy systemat the reporting interface module.

The method comprises receiving at the reporting interface module theevent data from the legacy system, wherein the event data comprisesstate data of the control system and the controlled devices.

The method comprises generating at the reporting interface module thestatus report from the event data and the state data.

The method comprises transmitting the status report to the remote systemvia at least one intermediate system.

The method comprises receiving at the interface module event dataasynchronously transmitted by the legacy system and passing the eventdata to the remote system via the communication device.

The method comprises receiving at the communication device pollingrequests from the remote system and passing the polling requests to thelegacy system via the interface module.

The method comprises the communication device conducting pollingoperations on behalf of the remote system.

The method comprises sending the event data received from the legacysystem in response to the polling operations to the remote system.

The method comprises buffering the event data prior to sending the eventdata to the remote system.

The method comprises upon receiving the event data retransmitting theevent data to the remote system.

The protocol corresponding to the proprietary protocol comprises anabbreviated command set.

The protocol comprises a protocol translator that maps between a firstset of commands of the legacy system and a second set of commands of theremote system.

The method comprises executing at the interface at least one proxy.

The at least one proxy comprises configuration parameters, wherein theconfiguration parameters include at least one of enable, disable,automatic-sense on, automatic-sense off, legacy system type, interfacemodule type, polling type, polling level, polling commands, pollingrate, and statistic period.

The method comprises setting via the remote system configurationparameters of the at least one proxy.

The method comprises automatically determining and setting configurationparameters of the at least one proxy by the at least one proxy usingdetected information of at least one of the legacy system and the remotesystem.

The at least one proxy includes a polling proxy, wherein the pollingproxy is an intermediary between the remote system and the legacysystem.

The polling proxy at least one of processes, parses, translatesprotocol, adjusts timing, buffers, and queues messages exchanged betweenthe remote system and the legacy system.

The polling proxy comprises message polling.

The message polling comprises providing polling commands that prompt formessages exchanged between the interface module and the legacy system,wherein the messages include at least one of legacy system statechanges, legacy system mode changes, legacy system resource changes,responses to remote system commands, message management.

The polling proxy comprises data polling.

The data polling comprises polling for data including at least one ofinternal state data and resource data of the legacy system,

The data polling comprises polling for data that indicates at least oneof a change of state and a change of resources.

The polling proxy compares data received during data polling to datafrom at least one previous query, wherein the polling proxy infers fromthe comparison at least one of state changes and resource changes.

The at least one proxy includes an injection proxy running on theprocessor.

The injection proxy is a transparent pass-through for a first messageexchanged between the remote system and the legacy system, wherein thefirst message is related to a non-polling function of the legacy system,wherein in response to the first message received from the remote systemthe injection proxy passes the first message to the legacy system,wherein in response to the first message received from the legacy systemthe injection proxy passes the first message to the remote system.

The injection proxy manages polling data of a second message exchangedbetween the remote system and the legacy system, wherein the secondmessage is related to a polling function of the legacy system.

In response to the second message received from the remote system, theinjection proxy generates a third message and sends the third message tothe legacy system, wherein the third message is generated by injectingpolling commands into the second message.

In response to the second message received from the legacy system, theinjection proxy generates a fourth message and sends the fourth messageto the remote system, wherein the fourth message is generated byremoving polling information from the second message.

The at least one proxy includes a rewrite proxy, wherein the rewriteproxy rewrites sequence numbers of messages that pass between the remotesystem and the legacy system.

The rewrite proxy detects a sequence number of the second message isshared as the sequence number of the first message.

The rewrite proxy rewrites sequence numbers of the first message,wherein a first sequence count corresponding to the first messagebetween the rewrite proxy and the remote system is continuous, wherein asecond sequence count corresponding to the first message between therewrite proxy and the legacy system is continuous.

The rewrite proxy rewrites sequence numbers of the second message,wherein a third sequence count corresponding to the second messagebetween the rewrite proxy and the remote system is continuous, wherein afourth sequence count corresponding to the second message between therewrite proxy and the legacy system is continuous.

The method comprises scheduling with a scheduling engine automations andevents of associated devices coupled to the communication device.

The method comprises controlling communications by controlling at leastone of protocol translation, communication translation, and timingconstraints of communication events.

As described above, computer networks suitable for use with theembodiments described herein include local area networks (LAN), widearea networks (WAN), Internet, or other connection services and networkvariations such as the world wide web, the public internet, a privateinternet, a private computer network, a public network, a mobilenetwork, a cellular network, a value-added network, and the like.Computing devices coupled or connected to the network may be anymicroprocessor controlled device that permits access to the network,including terminal devices, such as personal computers, workstations,servers, mini computers, main-frame computers, laptop computers, mobilecomputers, palm top computers, hand held computers, mobile phones, TVset-top boxes, or combinations thereof. The computer network may includeone of more LANs, WANs, Internets, and computers. The computers mayserve as servers, clients, or a combination thereof.

The integrated security system can be a component of a single system,multiple systems, and/or geographically separate systems. The integratedsecurity system can also be a subcomponent or subsystem of a singlesystem, multiple systems, and/or geographically separate systems. Theintegrated security system can be coupled to one or more othercomponents (not shown) of a host system or a system coupled to the hostsystem.

One or more components of the integrated security system and/or acorresponding system or application to which the integrated securitysystem is coupled or connected includes and/or runs under and/or inassociation with a processing system. The processing system includes anycollection of processor-based devices or computing devices operatingtogether, or components of processing systems or devices, as is known inthe art. For example, the processing system can include one or more of aportable computer, portable communication device operating in acommunication network, and/or a network server. The portable computercan be any of a number and/or combination of devices selected from amongpersonal computers, personal digital assistants, portable computingdevices, and portable communication devices, but is not so limited. Theprocessing system can include components within a larger computersystem.

The processing system of an embodiment includes at least one processorand at least one memory device or subsystem. The processing system canalso include or be coupled to at least one database. The term“processor” as generally used herein refers to any logic processingunit, such as one or more central processing units (CPUs), digitalsignal processors (DSPs), application-specific integrated circuits(ASIC), etc. The processor and memory can be monolithically integratedonto a single chip, distributed among a number of chips or components,and/or provided by some combination of algorithms. The methods describedherein can be implemented in one or more of software algorithm(s),programs, firmware, hardware, components, circuitry, in any combination.

The components of any system that includes the integrated securitysystem can be located together or in separate locations. Communicationpaths couple the components and include any medium for communicating ortransferring files among the components. The communication paths includewireless connections, wired connections, and hybrid wireless/wiredconnections. The communication paths also include couplings orconnections to networks including local area networks (LANs),metropolitan area networks (MANs), wide area networks (WANs),proprietary networks, interoffice or backend networks, and the Internet.Furthermore, the communication paths include removable fixed mediumslike floppy disks, hard disk drives, and CD-ROM disks, as well as flashRAM, Universal Serial Bus (USB) connections, RS-232 connections,telephone lines, buses, and electronic mail messages.

Aspects of the integrated security system and corresponding systems andmethods described herein may be implemented as functionality programmedinto any of a variety of circuitry, including programmable logic devices(PLDs), such as field programmable gate arrays (FPGAs), programmablearray logic (PAL) devices, electrically programmable logic and memorydevices and standard cell-based devices, as well as application specificintegrated circuits (ASICs). Some other possibilities for implementingaspects of the integrated security system and corresponding systems andmethods include: microcontrollers with memory (such as electronicallyerasable programmable read only memory (EEPROM)), embeddedmicroprocessors, firmware, software, etc. Furthermore, aspects of theintegrated security system and corresponding systems and methods may beembodied in microprocessors having software-based circuit emulation,discrete logic (sequential and combinatorial), custom devices, fuzzy(neural) logic, quantum devices, and hybrids of any of the above devicetypes. Of course the underlying device technologies may be provided in avariety of component types, e.g., metal-oxide semiconductor field-effecttransistor (MOSFET) technologies like complementary metal-oxidesemiconductor (CMOS), bipolar technologies like emitter-coupled logic(ECL), polymer technologies (e.g., silicon-conjugated polymer andmetal-conjugated polymer-metal structures), mixed analog and digital,etc.

It should be noted that any system, method, and/or other componentsdisclosed herein may be described using computer aided design tools andexpressed (or represented), as data and/or instructions embodied invarious computer-readable media, in terms of their behavioral, registertransfer, logic component, transistor, layout geometries, and/or othercharacteristics. Computer-readable media in which such formatted dataand/or instructions may be embodied include, but are not limited to,non-volatile storage media in various forms (e.g., optical, magnetic orsemiconductor storage media) and carrier waves that may be used totransfer such formatted data and/or instructions through wireless,optical, or wired signaling media or any combination thereof. Examplesof transfers of such formatted data and/or instructions by carrier wavesinclude, but are not limited to, transfers (uploads, downloads, e-mail,etc.) over the Internet and/or other computer networks via one or moredata transfer protocols (e.g., HTTP, FTP, SMTP, etc.). When receivedwithin a computer system via one or more computer-readable media, suchdata and/or instruction-based expressions of the above describedcomponents may be processed by a processing entity (e.g., one or moreprocessors) within the computer system in conjunction with execution ofone or more other computer programs.

Unless the context clearly requires otherwise, throughout thedescription and the claims, the words “comprise,” “comprising,” and thelike are to be construed in an inclusive sense as opposed to anexclusive or exhaustive sense; that is to say, in a sense of “including,but not limited to.” Words using the singular or plural number alsoinclude the plural or singular number respectively. Additionally, thewords “herein,” “hereunder,” “above,” “below,” and words of similarimport, when used in this application, refer to this application as awhole and not to any particular portions of this application. When theword “or” is used in reference to a list of two or more items, that wordcovers all of the following interpretations of the word: any of theitems in the list, all of the items in the list and any combination ofthe items in the list.

The above description of embodiments of the integrated security systemand corresponding systems and methods is not intended to be exhaustiveor to limit the systems and methods to the precise forms disclosed.While specific embodiments of, and examples for, the integrated securitysystem and corresponding systems and methods are described herein forillustrative purposes, various equivalent modifications are possiblewithin the scope of the systems and methods, as those skilled in therelevant art will recognize. The teachings of the integrated securitysystem and corresponding systems and methods provided herein can beapplied to other systems and methods, not only for the systems andmethods described above.

The elements and acts of the various embodiments described above can becombined to provide further embodiments. These and other changes can bemade to the integrated security system and corresponding systems andmethods in light of the above detailed description.

1. A method comprising: receiving, from one or more premises devices viaa first communication protocol, premises device data; sending, to acomputing device via a second communication protocol, an indication ofthe premises device data, wherein the second communication protocol isdifferent from the first communication protocol; receiving, from thecomputing device, an indication of a premises device command; andsending, to the one or more premises devices via the first communicationprotocol, the premises device command.
 2. The method of claim 1, furthercomprising: receiving, from the one or more premises devices via thefirst communication protocol and based on the sending the premisesdevice command, additional premises device data; and sending, to thecomputing device via the second communication protocol, an indication ofthe additional premises device data.
 3. The method of claim 1, whereinthe sending the premises device command causes the one or more premisesdevices to at least one of execute the premises device command, schedulean operation, automate an operation, send data, or generate data.
 4. Themethod of claim 1, wherein the one or more premises devices comprise atleast one of a gateway device, a security system device, a touchscreendevice, a security system bus, or a security system panel.
 5. The methodof claim 1, wherein the computing device comprises at least one of agateway device, a security system device, a touchscreen device, asecurity system bus, a security system panel, a network server, a webserver, a system database, an application server, a central monitoringsystem, a remote control device, a remote monitoring device, a remotemanagement device, an intermediate device, or a communication device. 6.The method of claim 1, wherein the first communication protocolcomprises at least one of a serial protocol, a wireless communicationprotocol, a wired communication protocol, a radio frequency (RF)protocol, a Wi-Fi protocol, a Z-Wave protocol, or a Zigbee protocol. 7.The method of claim 1, wherein the second communication protocolcomprises at least one of a serial protocol, a wireless communicationprotocol, a wired communication protocol, a radio frequency (RF)protocol, a Wi-Fi protocol, a Z-Wave protocol, or a Zigbee protocol, acellular protocol, a High Speed Packet Access (HSPA) protocol, a LongTerm Evolution (LTE) protocol, a third Generation (3G) protocol, aZ-Wave protocol, a Zigbee protocol, an Internet protocol, or a plain oldtelephone service (POTS) protocol.
 8. The method of claim 1, wherein thereceiving the premises device data comprises receiving, by a proxydevice configured to communicate with the one or more premises devicesand the computing device, the premises device data.
 9. The method ofclaim 1, wherein the premises device data is associated with at leastone of a premises event, a polling response, an operation executed bythe one or more premises devices, an operation executed by a componentof a premises system, a state of a premises system, or a state of theone or more premises devices.
 10. A method comprising: receiving, from acomputing device via a first communication protocol, an indication of apremises device command associated with one or more premises devices;based on the indication of the premises device command, sending, to theone or more premises devices, via a second communication protocol, thepremises device command, wherein the second communication protocol isdifferent from the first communication protocol; receiving, from the oneor more premises devices, premises device data; and sending, to thecomputing device via the first communication protocol, an indication ofthe premises device data.
 11. The method of claim 10, wherein theindication of the premises device command comprises an indication of atleast one of a schedule, an automation, a request for data, a function,or an operation.
 12. The method of claim 10, wherein the premises devicedata is associated with at least one of a premises event, a pollingresponse, an operation executed by the one or more premises devices, anoperation executed by a component of a premises system, a state of apremises system, or a state of the one or more premises devices.
 13. Themethod of claim 10, wherein the second communication protocol comprisesat least one of a serial protocol, a wireless communication protocol, awired communication protocol, a radio frequency (RF) protocol, a Wi-Fiprotocol, a Z-Wave protocol, or a Zigbee protocol.
 14. The method ofclaim 10, wherein the first communication protocol comprises at leastone of a serial protocol, a wireless communication protocol, a wiredcommunication protocol, a radio frequency (RF) protocol, a Wi-Fiprotocol, a Z-Wave protocol, or a Zigbee protocol, a cellular protocol,a High Speed Packet Access (HSPA) protocol, a Long Term Evolution (LTE)protocol, a third Generation (3G) protocol, a Z-Wave protocol, a Zigbeeprotocol, an Internet protocol, or a plain old telephone service (POTS)protocol.
 15. The method of claim 10, wherein the receiving theindication of the premises device command comprises receiving, by aproxy device configured to communicate with the one or more premisesdevices and the computing device, the indication of the premises devicecommand.
 16. The method of claim 10, wherein the one or more premisesdevices comprise at least one of a gateway device, a security systemdevice, a touchscreen device, a security system bus, or a securitysystem panel.
 17. The method of claim 10, wherein the computing devicecomprises at least one of a gateway device, a security system device, atouchscreen device, a security system bus, a security system panel, anetwork server, a web server, a system database, an application server,a central monitoring system, a remote control device, a remotemonitoring device, a remote management device, an intermediate device,or a communication device.
 18. A device comprising: one or moreprocessors; and memory storing instructions that, when executed by theone or more processors, cause the device to: receive, from one or morepremises devices via a first communication protocol, premises devicedata; send, to a computing device via a second communication protocol,an indication of the premises device data, wherein the secondcommunication protocol is different from the first communicationprotocol; receive, from the computing device, an indication of apremises device command; and send, to the one or more premises devicesvia the first communication protocol, the premises device command. 19.The device of claim 18, wherein the instructions further cause thedevice to: receive, from the one or more premises devices via the firstcommunication protocol and based on the sending the premises devicecommand, additional premises device data; and send, to the computingdevice via the second communication protocol, an indication of theadditional premises device data.
 20. The device of claim 18, wherein theinstructions that cause the device to send the premises device commandcause the device to cause the one or more premises devices to at leastone of execute the premises device command, schedule an operation,automate an operation, send data, or generate data.
 21. The device ofclaim 18, wherein the one or more premises devices comprise at least oneof a gateway device, a security system device, a touchscreen device, asecurity system bus, or a security system panel.
 22. The device of claim18, wherein the computing device comprises at least one of a gatewaydevice, a security system device, a touchscreen device, a securitysystem bus, a security system panel, a network server, a web server, asystem database, an application server, a central monitoring system, aremote control device, a remote monitoring device, a remote managementdevice, an intermediate device, or a communication device.
 23. Thedevice of claim 18, wherein the first communication protocol comprisesat least one of a serial protocol, a wireless communication protocol, awired communication protocol, a radio frequency (RF) protocol, a Wi-Fiprotocol, a Z-Wave protocol, or a Zigbee protocol.
 24. The device ofclaim 18, wherein the second communication protocol comprises at leastone of a serial protocol, a wireless communication protocol, a wiredcommunication protocol, a radio frequency (RF) protocol, a Wi-Fiprotocol, a Z-Wave protocol, or a Zigbee protocol, a cellular protocol,a High Speed Packet Access (HSPA) protocol, a Long Term Evolution (LTE)protocol, a third Generation (3G) protocol, a Z-Wave protocol, a Zigbeeprotocol, an Internet protocol, or a plain old telephone service (POTS)protocol.
 25. The device of claim 18, wherein the instructions thatcause the device to receive the premises device data cause the device toreceive, by a proxy device configured to communicate with the one ormore premises devices and the computing device, the premises devicedata.
 26. The device of claim 18, wherein the premises device data isassociated with at least one of a premises event, a polling response, anoperation executed by the one or more premises devices, an operationexecuted by a component of a premises system, a state of a premisessystem, or a state of the one or more premises devices.
 27. A devicecomprising: one or more processors; and memory storing instructionsthat, when executed by the one or more processors, cause the device to:receive, from a computing device via a first communication protocol, anindication of a premises device command associated with one or morepremises devices; based on the indication of the premises devicecommand, send, to the one or more premises devices, via a secondcommunication protocol, the premises device command, wherein the secondcommunication protocol is different from the first communicationprotocol; receive, from the one or more premises devices, premisesdevice data; and send, to the computing device via the firstcommunication protocol, an indication of the premises device data. 28.The device of claim 27, wherein the indication of the premises devicecommand comprises an indication of at least one of a schedule, anautomation, a request for data, a function, or an operation.
 29. Thedevice of claim 27, wherein the premises device data is associated withat least one of a premises event, a polling response, an operationexecuted by the one or more premises devices, an operation executed by acomponent of a premises system, a state of a premises system, or a stateof the one or more premises devices.
 30. The device of claim 27, whereinthe second communication protocol comprises at least one of a serialprotocol, a wireless communication protocol, a wired communicationprotocol, a radio frequency (RF) protocol, a Wi-Fi protocol, a Z-Waveprotocol, or a Zigbee protocol.
 31. The device of claim 27, wherein thefirst communication protocol comprises at least one of a serialprotocol, a wireless communication protocol, a wired communicationprotocol, a radio frequency (RF) protocol, a Wi-Fi protocol, a Z-Waveprotocol, or a Zigbee protocol, a cellular protocol, a High Speed PacketAccess (HSPA) protocol, a Long Term Evolution (LTE) protocol, a thirdGeneration (3G) protocol, a Z-Wave protocol, a Zigbee protocol, anInternet protocol, or a plain old telephone service (POTS) protocol. 32.The device of claim 27, wherein the instructions that cause the deviceto receive the indication of the premises device command cause thedevice to receive, by a proxy device configured to communicate with theone or more premises devices and the computing device, the indication ofthe premises device command.
 33. The device of claim 27, wherein the oneor more premises devices comprise at least one of a gateway device, asecurity system device, a touchscreen device, a security system bus, ora security system panel.
 34. The device of claim 27, wherein thecomputing device comprises at least one of a gateway device, a securitysystem device, a touchscreen device, a security system bus, a securitysystem panel, a network server, a web server, a system database, anapplication server, a central monitoring system, a remote controldevice, a remote monitoring device, a remote management device, anintermediate device, or a communication device.